Full Time Employee Contractor
Role and Responsibilities:
· Conduct C&A Kick-off Meetings;
· Prepare the Security Assessment Plans;
· Conduct the Security Assessment Kick-off Meeting;
· Conduct Security Assessment via document examination, interviews and manual assessments;
· Analyze automated scan results;
· Populate the Requirements Traceability Matrix (RTM) with results of Security Assessment;
· Perform Risk Analysis;
· Create a Security Accreditation Report (SAR);
· Create a Plan of Action and Milestones (POA&M);
· Conduct Security Assessment Findings Meeting with the System Owner, ISSO and other system personnel as required.
· Requires 25% travel.
Qualifications and Education/Certification Requirements:
The successful candidate will have 3+ years of Security Assessment and Authorization experience and a Bachelor’s Degree is preferred. Must possess experience with NIST standards. This includes experience executing the full life-cycle of C&A activities including: defining the certification boundary, performing formal and technical risk assessments, developing and executing Security Test and Evaluation (ST&E) requirements, and developing Systems Security Plans (SSP) in accordance with federal and industry directives, guidelines, and best practices.
Technical writing experience (required):
· Security assessment reports
· Technical evaluation plans
· Technical reports for technical audience (System Admin, Network Admin, Database Admin, Application Developers)
· Technical reports for executive audience (System Owner, ISSO)
· Ability to translate tactical issues and address them from a strategic perspective.
· Ability to function in a fast-paced environment and effectively manage multiple tasks simultaneously; coordinating resources and ensuring scheduled goals are met.
· Awareness of current information security and privacy issues and the ability to interpret the requirements of relevant policies and standards set forth in OMB memoranda and NIST documentation, specifically, 800-37, 800-53A, FIPS-199/200, and 800-30.
· Ability to assess and weigh current and evolving security and privacy risks in an operational environment.
· Proven problem management skills with the ability to think critically. Must be able to leverage technology and apply critical thinking to gather, aggregate, and analyze data, and present results to senior clients.
· Ability to work effectively in a team management environment and participate in collaborative initiatives which foster the mutual exchange of knowledge and expertise.
· Ability to make decisions and resolve problems effectively – seek out information and data to evaluate, prioritize and formulate the best solution or practice.
· Must be able to multi-task, work independently and as part of a team, share workloads, and deal with sudden shifts in project priorities.
· Demonstrate leadership and foster a collaborative team approach – interact well with front-line and senior management, providing consultation and expert advice on information security related topics.
· Effectively navigate the political landscape and build and strengthen relationships at all levels, including other divisions and government vendor partners.
· Strong presentation and consulting skills.
· Must be able to develop meeting agendas and materials as well as facilitate meetings with the client.
Strong verbal and written communication skills are required. The ability to interact effectively with various levels of senior management is necessary. Candidates must possess strong client interfacing and interpersonal skills. Candidates must be fluent in the English language.
Candidates may be asked to provide a writing sample.
Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Secret Clearance required.
To apply for this job, contact: