Key Role:
Serve as a Mid-Level Information Systems Security Officer (ISSO) for appointed systems. Work with system owners, create and maintain Assessment and Authorization (A&A) documentation, including system security plan, privacy plan, security control assessment, privacy control assessment, and any relevant plans of action and milestones to support Authorization to Operate (ATO) decisions. Capture and refine information security requirements for new systems or for enhanced functionality on an existing system and ensure that the requirements are effectively integrated into information systems throughout the System Development Life Cycle (SDLC). Implement information security standards and procedures. Provide support for proposing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies.
Basic Qualifications:
7 years of experience with information assurance or cybersecurity
Knowledge of NIST Risk Management Framework at the subject matter expert level, including SP 800-30, 37, 39, 53, and 53A
Knowledge of FedRAMP, DHS, and OMB compliance standards
Ability to support system security and authorization processes
Ability to guide the development of enterprise-specific implementation guidance for agency management
Ability to obtain and maintain a Public Trust or Suitability/Fitness determination based on client requirements
Bachelor's degree
Security+ (Plus) Continuing Education (CE) Certification, CAP or Certified Information Security Manager (CISM) Certification or CISSP Certification or Global Information Assurance Certification (GIAC) Certification or Security Leadership (GSLC) Certification
Additional Qualifications:
Knowledge of risk and how to measure risk for IT systems
Knowledge of IT systems used in healthcare or health research
Ability to interact effectively with senior management and leadership
Possession of excellent verbal and written communication skills
Vetting:
Applicants selected will be subject to a government investigation and may need to meet eligibility requirements of the U.S. government client.
We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.