GovernmentCIO

  • Cybersecurity System Assessment and Authorization Analyst - Mid level

    Job Locations US-DC-Washington | US-MD-Rockville
    Posted Date 1 month ago
    Job ID 2018-1439
    # of Openings 1
    Category Information Technology
  • Overview

    GovernmentCIO is looking to bring on a Cybersecurity System Assessment and Authorization Analyst - Mid level to help support our team. 

    Responsibilities

     

    The Cybersecurity System Assessment and Authorization Analyst - Mid level is responsible for effectively managing information security risk organization-wide, which requires the following key elements:

    • Provide SA&A services to the NHLBI to support the development of security documentation for the NHLBI GSS, its child systems, and the NHLBI’s external Contractor support systems.
    • Conduct annual assessment of the NHLBI GSS and its child systems as determined by the ISSO. The Contractor shall conduct a full SA&A before the NHLBI GSS Authority to Operate (ATO) expires.
    • Provide FedRAMP support when the NHLBI Authorizing Official (AO) decides to sponsor a CSP through the FedRAMP process.
    • Review vulnerability scan results and develop a plan of action to remediate the outstanding issues.
    • Assist the technical staff in executing the remediation for the plan of action.
    • Establish application cybersecurity testing service and process.
    • Develop Cybersecurity control gates in the SDLC.
    • Regularly engage with the ITAC developer community to ensure that Cybersecurity Controls are engineered into systems including integration of security into the DevSecOps processes.
    • Develop a tool or checklist to assist developers with security requirements gathering, including security decision trees to navigate standard controls such as NIST-800-53, CCHIT, HL7 security profiles, etc.
    • Coordinate with Enterprise Architects, System Operations, Developers and other supporting teams to develop a Gold Image for Approved Cloud Service Providers (Azure, AWS, etc.).

     

    GCIO seeks a Cybersecurity System Assessment and Authorization Analyst - Mid level with the following:

    • Knowledge of strategic planning for cybersecurity risk management
    • Knowledge of SA&A - System Assessment and Authorization
    • Knowledge of Risk Management Framework (RMF) implementation
    • Knowledge of cybersecurity risk management implementation (strategy and plan to execute)
    • Knowledge of NIST 800-39 Managing Information Security Risk (Organization, Mission, and Information System view).  
    • Knowledge of the NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover), the new framework that D/A are applying to their cybersecurity programs and using to report FISMA metrics to DHS
    • Knowledge of GRC (governance, risk management, compliance)
    • Knowledge of FISMA
    • Knowledge of 800-53 controls
    • Senior level communications
    • Strategic planning
    • Excellent analysis and writing skills

    The Cybersecurity System Assessment and Authorization Analyst - Mid level will:

    • Ensure that senior leaders/executives recognize the importance of managing information security risk and establish appropriate governance structures for managing such risk;
    • Ensure that the organization’s risk management process is being effectively conducted across the three tiers of organization, mission/business processes, and information systems;
    • Foster an organizational climate where information security risk is considered within the context of the design of mission/business processes, the definition of an overarching enterprise architecture, and system development life cycle processes; and
    • Help individuals with responsibilities for information system implementation or operation better understand how information security risk associated with their systems translates into organization-wide risk that may ultimately affect the mission/business success.

    Qualifications

     

    Certification Requirements:

    CISSP is preferred. Key positions require CISSP. CISM, Security+, CISA.

    Skills Requirements:

    Enterprise Risk Management, Cybersecurity Risk Management, Governance Risk and Compliance (GRC), Cybersecurity Framework (CSF), FISMA, NIST 800-39, Risk Management Framework, NIST 800-37, NIST 800-53

    Tools & Software Experience:

    n/a

    Education Requirements:

    BS/BA

    Years of Experience Required:

    3 to 5 years' experience, maybe even more senior level at 7 years

    Anticipated Disqualifications:

    Level 5: Public Trust - Moderate Risk. Contractor/subcontractor employees assigned to Level 5 positions with no previous investigation and approval shall undergo a Suitability Determination and a Minimum Background Investigation (MBI), or a Limited Background Investigation (LBI).
