Information Security Compliance SME

Macro Solutions Washington Contractor
We have an urgent need for an Information Security Compliance SME for a 6-month contract-to-hire role in Washington DC.

Key focus areas or experience a suitable candidate should have include:
1.  Analytics
2.  Patch Management
3.  Security Event Manager
4.  Architecture Diagrams

MAJOR DUTIES AND RESPONSIBILITIES
  • Create and manage security accreditation packages for systems.
  • Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each application, system, and network.
  • Categorize information systems, select appropriate security controls based on system categorization, tailor security controls, assess security controls, draft PoA&Ms, and develop ATO packages using the NIST Risk Management Framework cycle.
  • Review Security assessment reports and develop PoA&Ms and risk mitigation plans.
  • Develop and/or analyze Judiciary information system security plans that conform to the Judiciary Information Security Framework (JISF), which is based on the NIST 800 Series Special Publications.
  • Use CSAM as a SA&A management tool.
  • Utilize technical expertise of computer security theories, principles, practices, and functional tools for a broad range of computer security related areas, including certification and accreditation of government information and telecommunications systems, IT disaster recovery and business continuity planning, and risk management for the Judiciary’s IT systems. 
  • Work with other program offices, internal and external customers throughout the information system life cycle process to ensure adequate security considerations are built into systems in accordance with applicable Judiciary guidelines (1) to protect the Judiciary systems and data assets, and (2) to ensure the continual reviewing and implementation of information security training requirements throughout the life cycle process. 
  • Use vendor descriptions, technical documents and/or hands-on evaluation of applications or demos to evaluate security controls, and work with Subject Matter Experts (SMEs), developers, network engineers and network support personnel as necessary to obtain additional information required for adequate analysis.
  • May serve as the AOTO-IT Security representative at meetings of various working groups, committees and/or teams to represent AOTO INFOSEC requirements for systems software and hardware. To effectively represent AOTO IT Security in these meetings, the candidate must maintain current knowledge of the Judiciary's and AOTO's security architecture and evolving security requirements.
  • Meet and deal with all levels of management within AOTO and other program offices and with employees and their groups.
  • Serve as an INFOSEC Analyst with responsibility for ensuring the confidentiality, integrity, and availability of information and information systems supporting Judiciary assets through the planning, analysis, development, implementation, maintenance, and enhancement of information system security programs, policies, procedures, and tools.
  • Provide expertise on the AOTO's IT security architecture; emerging technologies and their applications to business processes; IT security concepts, standards, and methods; and project management principles, methods, and practices, including developing plans and schedules, estimating resource requirements, defining milestones and deliverables, monitoring activities, and evaluating and reporting on accomplishments.
  • Perform other duties as assigned.

REQUIRED KNOWLEDGE
  • Mastery level knowledge of techniques, principles and theories pertaining to providing security and protection to IT resources. 
  • Mastery level knowledge of the risk management framework and risk management processes for the Federal Government (i.e., NIST Special Publications, FedRAMP standards, FIPS, etc.).
  • Experience applying Federal Government standards, including the NIST Risk Management Framework and NIST SP 800-53.
  • Knowledge of cybersecurity and privacy principles.
  • Knowledge of application security risks (e.g., the Open Web Application Security Project (OWASP) Top 10 list).
  • Knowledge of Personally Identifiable Information (PII) data security standards. 
  • Knowledge of organization's enterprise information security architecture. 
  • Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures. 
  • Mastery level knowledge of methods for protecting information systems and data; detecting and analyzing anomalous activity; restoring the security of information systems, network services and related capabilities; and identifying and mitigating information system vulnerabilities to prevent inadvertent data disclosure, unauthorized data modification, data destruction, or denial of service.
  • Knowledge of methods and tools used for risk management and the mitigation of risk for information systems and data. This requires a technical mastery of, and hands-on experience using, risk assessment methods to determine vulnerabilities in local environments, processing procedures, personnel and other system components.
  • Knowledge of cyber defense and vulnerability assessment tools and their capabilities. 
  • Knowledge of the operating characteristics of various operating systems.
  • Knowledge of general management and auditing techniques for identifying problems, gathering and analyzing pertinent information, forming conclusions, developing solutions and implementing plans consistent with management goals.
  • Ability to use judgment, initiative, and resourcefulness in deviating from established methods to modify, adapt, and/or refine broader guidelines to resolve specific complex problems; research trends and patterns; develop new methods and criteria; and/or propose new policies and practices.
  • Ability to plan, manage and provide guidance pertaining to IT security architecture, covering all phases of computer security (i.e., hardware, software, and telecommunications equipment, installation and evaluation). The work frequently requires the candidate to be involved in diverse projects simultaneously, several of which may have equally high priority.
  • The work requires exceptional coordination and integration of Judiciary Information Security Framework (JISF) compliance activities, which requires its own body of knowledge. Decisions and actions taken by candidate will have a direct and substantial impact on services rendered.

QUALIFICATIONS:

REQUIRED SKILLS:
  • At least 3 years at a Federal Agency (preferably Executive Branch) working with FISMA as a Risk Management Framework SME.
  • At least 8 years of Information Technology (IT) experience, including at least 5 years' experience in IT security (C&A and/or IT security risk analysis), preferably in support of the Federal Government.
  • Extensive experience with Federal Government C&A practices and policies, particularly FISMA and NIST SP 800-53.
  • Experience with system categorization, security boundary definition, and selecting security controls.
  • Experience creating and implementing Plans of Action & Milestones (POA&M) to address security vulnerabilities.
  • Experience designing cyber security architectural artifacts, providing architectural analysis of cyber security features, and relating existing systems to future needs and trends.
  • Experience working independently while collaborating with application developers, engineers, and teammates to deliver information security artifacts.
  • Excellent oral and written communication skills, including interaction and information gathering with coworkers and customers.

DESIRED SKILLS:
  • Experience coordinating and overseeing the implementation of risk mitigation plans and PoA&Ms for major systems or Local Area Networks General Support Systems (LAN-GSS).
  • Experience developing ATO packages for major systems or LAN-GSS.
  • Knowledge of general management and auditing techniques for identifying problems, gathering and analyzing pertinent information, forming conclusions, developing solutions and implementing plans consistent with management goals.
  • Ability to plan, manage and provide guidance pertaining to IT security, covering all phases of computer security (i.e., hardware, software, and telecommunications equipment, installation and evaluation). The work frequently requires the candidate to be involved in diverse projects simultaneously, several of which may have equally high priority.
  • Experience reviewing policies and procedures for compliance.
  • Excellent oral and written communication skills, including interaction and information gathering with coworkers and customers.

EDUCATION/CERTIFICATIONS:
  • Bachelor's degree in IT or a related field is preferred.
  • Industry-leading certifications relating to IT security (CISSP, CISA, CAP, etc.) preferred.

-  If the person does not have a degree, they should have at least 12 years' experience, including 3 years at a Federal Agency (preferably Executive Branch) working with FISMA as a Risk Management Framework SME.

-  If the person does have a degree, they should have at least 8 years' experience, including 3 years at a Federal Agency (preferably Executive Branch) working with FISMA as a Risk Management Framework SME.
Skills required

Installations (Computer Systems)
Assure Integrity
Understand Vulnerability
Risk Assessments
Incident Response
Ensure Protection
Job ID: MK338437626225664