Information Security Compliance Subject Matter Expert (SME)

Access Talent Today, LLC - Washington, DC

MAJOR DUTIES AND RESPONSIBILITIES

  • Create and manage security accreditation packages for systems.
  • Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each application, system, and network.
  • Categorize information systems, select appropriate security controls based on system categorization, tailor security controls, assess security controls, draft PoA&Ms, and develop ATO packages using the NIST Risk Management Framework cycle.
  • Review security assessment reports and develop PoA&Ms and risk mitigation plans.
  • Develop and/or analyze Judiciary information system security plans that conform to the Judiciary Information Security Framework (JISF), which is based on the NIST 800 Series Special Publications.
  • Use CSAM as a SA&A management tool.
  • Utilize technical expertise in computer security theories, principles, practices, and functional tools across a broad range of computer security-related areas, including certification and accreditation of government information and telecommunications systems, IT disaster recovery and business continuity planning, and risk management for the Judiciary's IT systems.
  • Work with other program offices and with internal and external customers throughout the information system life cycle to ensure that adequate security considerations are built into systems in accordance with applicable Judiciary guidelines, (1) to protect Judiciary systems and data assets, and (2) to ensure the continual review and implementation of information security training requirements throughout the life cycle.
  • Use vendor descriptions, technical documents, and/or hands-on evaluation of applications or demos to evaluate security controls, and work with Subject Matter Experts (SMEs), developers, network engineers, and network support personnel as necessary to obtain additional information required for adequate analysis.
  • May serve as the AOTO IT Security representative at meetings of various working groups, committees, and/or teams to represent AOTO INFOSEC requirements for systems software and hardware. To effectively represent AOTO IT Security in these meetings, the candidate must maintain current knowledge of the Judiciary's and AOTO's security architecture and evolving security requirements.
  • Meet and deal with all levels of management within AOTO and other program offices and with employees and their groups.
  • Serve as an INFOSEC Analyst responsible for ensuring the confidentiality, integrity, and availability of information and information systems supporting Judiciary assets through the planning, analysis, development, implementation, maintenance, and enhancement of information system security programs, policies, procedures, and tools.
  • Provide expertise on AOTO's IT security architecture; emerging technologies and their application to business processes; IT security concepts, standards, and methods; and project management principles, methods, and practices, including developing plans and schedules, estimating resource requirements, defining milestones and deliverables, monitoring activities, and evaluating and reporting on accomplishments.
  • Perform other duties as assigned.


REQUIRED KNOWLEDGE

  • Mastery level knowledge of techniques, principles and theories pertaining to providing security and protection to IT resources.
  • Mastery level knowledge of the risk management framework and risk management processes for the Federal Government (i.e., NIST Special Publications, FedRAMP standards, FIPS, etc.).
  • Experience applying Federal Government standards, including the NIST Risk Management Framework and NIST SP 800-53.
  • Knowledge of cybersecurity and privacy principles.
  • Knowledge of application security risks (e.g., the Open Web Application Security Project (OWASP) Top 10 list).
  • Knowledge of Personally Identifiable Information (PII) data security standards.
  • Knowledge of organization's enterprise information security architecture.
  • Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
  • Mastery level knowledge of methods for protecting information systems and data; detecting and analyzing anomalous activity; restoring the security of information systems, network services and related capabilities; and identifying and mitigating information system vulnerabilities to prevent inadvertent data disclosure, unauthorized data modification, data destruction, or denial of service.
  • Knowledge of methods and tools used for risk management and the mitigation of risk for information systems and data. This requires technical mastery of, and hands-on experience using, risk assessment methods to determine vulnerabilities in local environments, processing procedures, personnel, and other system components.
  • Knowledge of cyber defense and vulnerability assessment tools and their capabilities.
  • Knowledge of the operating characteristics of various operating systems.
  • Knowledge of general management and auditing techniques for identifying problems, gathering and analyzing pertinent information, forming conclusions, developing solutions and implementing plans consistent with management goals.
  • Ability to use judgment, initiative, and resourcefulness in deviating from established methods to modify, adapt, and/or refine broader guidelines to resolve specific complex problems; research trends and patterns; develop new methods and criteria; and/or propose new policies and practices.
  • Ability to plan, manage, and provide guidance on IT security architecture across all phases of computer security (i.e., hardware, software, and telecommunications equipment, installation, and evaluation). The work frequently requires the candidate to be involved in diverse projects simultaneously, several of which may have equally high priority.
  • The work requires exceptional coordination and integration of Judiciary Information Security Framework (JISF) compliance activities, which requires its own body of knowledge. Decisions and actions taken by candidate will have a direct and substantial impact on services rendered.


QUALIFICATIONS:

REQUIRED SKILLS:
  • At least 3 years at a Federal agency (preferably Executive Branch) working with FISMA as a Risk Management Framework SME.
  • At least 8 years of Information Technology (IT) experience, including at least 3 to 5 years of experience in IT security, including C&A and/or IT security risk analysis, preferably in support of the Federal Government.
  • Extensive experience with Federal Government C&A practices and policies, particularly FISMA and NIST SP 800-53.
  • Experience with system categorization, security boundary definition, and selecting security controls.
  • Experience creating and implementing Plans of Action & Milestones (POA&Ms) to address security vulnerabilities.
  • Experience designing cyber security architectural artifacts, providing architectural analysis of cyber security features, and relating existing systems to future needs and trends.
  • Experience working independently, while collaborating with application developers, engineers, and teammates to deliver information security artifacts.
  • Excellent oral and written communication skills, including interacting with and gathering information from coworkers and customers.

DESIRED SKILLS:
  • Experience coordinating and overseeing the implementation of risk mitigation plans and PoA&Ms for major systems or Local Area Networks General Support Systems (LAN-GSS).
  • Experience developing ATO packages for major systems or LAN-GSS.
  • Knowledge of general management and auditing techniques for identifying problems, gathering and analyzing pertinent information, forming conclusions, developing solutions and implementing plans consistent with management goals.
  • Ability to plan, manage, and provide guidance on IT security across all phases of computer security (i.e., hardware, software, and telecommunications equipment, installation, and evaluation). The work frequently requires the candidate to be involved in diverse projects simultaneously, several of which may have equally high priority.
  • Experience reviewing policies and procedures for compliance.
  • Excellent oral and written communication skills, including interacting with and gathering information from coworkers and customers.

EDUCATION/CERTIFICATIONS:
  • Bachelor's degree in IT or related field is preferred.
  • Industry-leading certifications relating to IT security (CISSP, CISA, CAP, etc.) preferred.


Scheduled Weekly Hours:
40

Telecommuting Options:
Some Telecommuting Allowed

Posted On: Friday, June 28, 2019
