Full Time Employee Contractor
Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Must be clearable.
The FISMA Program has on-going activities that are required to be performed on a daily, monthly, quarterly and annual basis. This includes collecting and analyzing the FISMA data submitted by the HHS Operating Divisions (OPDIVs), organizing working group meetings, generating dashboards, developing and distributing reports, reporting to management, and developing weekly status reports. The team must also coordinate with Privacy, Risk Management, Enterprise Architecture (EA), Policy, Enterprise Performance Lifecycle (EPLC) and Capital Planning and Investment Control (CPIC) to ensure all FISMA requirements are in alignment.
· Facilitate and support quarterly and annual FISMA reporting activities
· Assist in the development of dashboards and analytics regarding data collected from various data sources
· Populate and distribute internal OPDIV FISMA performance dashboards, develop communications to accompany the dashboards and, in collaboration with government staff, respond to all related inquiries
· Improve HHS FISMA scores and risk identification by maturing FISMA-related processes and tools at the Department level, to include:
o Developing improvements to the FISMA reporting methodology to help HHS improve its understanding of the Department's security posture
o Organizing working group meetings (e.g., FISMA, CISO Council, Continuous Monitoring) to include the establishment of charters, on-going meeting administration support (meeting minutes, talking points, PPT) and related SOPs, and identification/development of agendas/topics; maintaining the CISO Council MAX portal page
o Participating in outreach activities with HHS Operating Divisions (OpDivs) to provide the appropriate support to those agencies to mature their FISMA-related operations
o Performing in-depth analyses of reported data from the OpDivs to assess accuracy, integrity, gaps, and weaknesses
· Work with OpDivs:
o To increase their understanding and execution of FISMA and operational risk management and reporting requirements
o To enhance the maturity of their respective security organizations
o To assess options for addressing security risks more effectively
· Maintain FISMA standard operating procedures (SOPs) so that they reflect current processes, tools and requirements
· Provide logistical and administrative support and materials for meetings and monthly working groups
· Perform ad hoc tasks, as requested (e.g., data calls)
· Meet customer deadlines while maintaining a high level of quality
Qualifications and Education/Certification Requirements
B.A. or B.S. in a related field and two years of information assurance services experience. The B.A. or B.S. may be substituted with 4 years of professional Information Assurance services experience. Active/current professional certifications obtained through ISC2 or ISACA, such as CISSP, CISA or CISM, are preferred.
Experience shall be in a related security technology or discipline such as security assessments (planning & compliance, architecture, audits, risk & vulnerability identification), creating and implementing security concepts and policy, encryption technology, firewall technology, information protection and/or security training and awareness.
Responsible for applying information assurance expertise and knowledge to network and/or enterprise security, specifically to FISMA support services. Familiar with, and able to apply, industry "best practice" security methodologies. Experienced in the major areas of information assurance, including oversight of FISMA tasks such as, but not limited to, collecting, analyzing and reporting FISMA data (monthly and annually) and coordinating across an enterprise to ensure FISMA requirements are met. Interfaces with all necessary levels of management and staff regarding Information Assurance services. Keeps aware of local, national, and international trends and developments in information security and relates them to the needs of the client.
Possess the following experience:
· Ability to translate tactical issues and address them from a strategic perspective.
· Ability to function in a fast-paced environment and effectively manage multiple tasks simultaneously; coordinating resources and ensuring scheduled goals are met.
· Awareness of current information security issues and the ability to interpret the requirements of relevant policies and standards set forth in NIST documentation, specifically, 800-37, 800-53A, FIPS-199/200, and 800-30.
· Ability to assess and weigh current and evolving security risks in an operational environment.
· Proven problem management skills with the ability to think critically. Must be able to leverage technology and apply critical thinking to gather, aggregate, and analyze data, and present results to senior clients.
· Knowledge of NIST in regards to how it applies to FISMA reporting.
· Ability to work effectively in a team management environment and participate in collaborative initiatives which foster the mutual exchange of knowledge and expertise.
· Ability to make decisions and resolve problems effectively; seeks out information and data to evaluate, prioritize and formulate the best solution or practice.
· Must be able to multi-task, work independently and as part of a team, share workloads, and deal with sudden shifts in project priorities.
· Effectively navigate political landscape and build and strengthen relationships at all levels to include other HHS OpDivs and government vendor partners.
· Strong presentation and consulting skills.
· Must be able to develop meeting agendas and materials, capture meeting minutes as well as facilitate meetings with the client as appropriate.
Strong verbal and written communication skills are required, as is the ability to interact effectively with various levels of senior management. Candidates must possess strong client-interfacing and interpersonal skills. Candidates must be fluent in the English language.
Candidates may be asked to provide a writing sample.
To apply for this job, contact: