Provide Subject Matter Expert (SME) support to the office of the Chief Information Security Officer (CISO) to ensure customer systems receive their Authority to Operate (ATO) with a security posture in accordance with DHS 4300A and NIST SP guidance.
This support shall include: providing IT security assessment and IT security audit functions to ensure FISMA compliance; supporting the development and maintenance of documentation for Certification & Accreditation (C&A) as required by the Federal Information Security Management Act (FISMA); ensuring all C&A and system security documentation is kept up to date; and ensuring systems meet all security requirements mandated by DHS 4300A and DHS Management Directives.
Conduct security assessments and produce reports with the results and findings
Develop Plan of Action & Milestone (POA&M) process and implementation strategy
Recommend improvements and identify metrics for remediation of information security weaknesses; recommend strategies for the overall organization to minimize risk
Ensure proper access controls are implemented for both system access and physical access to data processing facilities
Create, update and assess compliance of system Authority to Operate (ATO) packages
Provide information security expertise to system development teams throughout the System Engineering Lifecycle process
Independently manage workload and provide guidance to less experienced staff
Active SECRET clearance required.
Ability to obtain DHS EOD suitability or Current DHS EOD preferred.
Education and Experience:
Typically requires a Bachelor's degree or equivalent and 8 to 12 years of related experience in information security; Master's degree preferred
At least three years of experience working with FISMA
Demonstrated expertise in SELC, Information Security processes, audits, tools, implementation, FISMA, NIST, IT security
Knowledge of information security best practices and Enterprise Architecture; DHS experience
Experience with Xacta IA Manager strongly preferred.
Any DoD 8570 approved baseline certification (e.g., CISSP, CEH, CAP, CISM)