FISMA Compliance Specialist

JCS Solutions LLC, Bethesda, MD

About The Position

Join a premier technology firm specializing in innovative solutions. Be part of a collaborative, inclusive, and innovative work culture. Enjoy tremendous growth potential in a high-performing team environment. This role involves hands-on experience providing technology leadership for IT Security projects, developing and maintaining Authorization to Operate (ATO) packages, and providing FISMA compliance support. The specialist will act as a consultant to infrastructure and application teams, assist in identifying and mitigating vulnerabilities, perform gap analysis of policies and procedures against NIST, OMB, FISMA, and HHS guidelines, and help engineering teams identify applicable NIST 800-53 controls. The role also includes testing for vulnerabilities, reporting cyber-attacks, and leading incident response activities.

Requirements

  • Must be a U.S. Citizen
  • Ability to obtain a Public Trust Clearance
  • Six or more years' experience providing technology leadership for IT Security projects.
  • Bachelor’s degree in a technical field such as Cyber Security, Computer Science, Information Systems, IT, or related field. A high school diploma or GED, coupled with an additional 6 years of relevant experience, or an associate’s degree, coupled with an additional 4 years of experience, may be substituted for a bachelor’s degree.
  • Four to six years of hands-on experience providing technology leadership for IT Security projects
  • Four or more years’ experience with new and emerging cybersecurity technologies including but not limited to: hands-on tool usage of BigFix, Splunk, Tripwire, Cylance, Tenable, etc.
  • Strong oral (fluent English) and written skills, experience interacting with and presenting to senior leaders, contract officers, etc., within an organization
  • Strong skills in the following key areas: strategic thinking, multi-tasking, time management, planning, and executing to a defined schedule/budget

Nice To Haves

  • Prefer expert level of experience with Microsoft products including Word, PowerPoint, Excel and Visio
  • Prefer experience with data analytics and combining data sets from multiple sources to provide reports for identifying risk and measuring security posture
  • Prefer knowledge of vulnerability dissemination sources (e.g., alerts, advisories, errata, and bulletins)
  • Prefer experience with incident response handling methodologies
  • Prefer knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities
  • Prior experience using a helpdesk ticketing system such as ServiceNow is preferred
  • Prior federal government IT Security experience is preferred
  • At least one of the following certifications, bold preferred: Certified FISMA Compliance Practitioner (CFCP), Certified Information Systems Auditor (CISA), Certified in Governance, Risk, and Compliance (CGRC), Global Information Assurance Certification (GIAC), CompTIA Advanced Security Practitioner (CASP), Certified Ethical Hacker (CEH), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Security+ CE
  • Experience using ServiceNow or equivalent platform

Responsibilities

  • Hands-on experience providing technology leadership for IT Security projects.
  • Proven experience developing and maintaining Authorization to Operate (ATO) packages and providing other FISMA compliance support is required
  • Act as a consultant to infrastructure and application teams, assisting them to achieve compliance with applicable policies and regulations
  • Identify and mitigate vulnerabilities in unclassified information systems
  • Provide ongoing gap analysis of current policies, practices, and procedures as they relate to established guidelines outlined by NIST, OMB, FISMA, HHS, etc.
  • Assist engineering teams with identifying applicable NIST 800-53 controls and compensating controls for unclassified systems
  • Test for vulnerabilities in systems and networks and address issues accordingly, with support from the infrastructure teams
  • Identify and report cyber-attacks and participate in any resulting investigations, as needed, to provide expertise on existing and mitigating security controls
  • Lead incident response activities, coordinating response efforts between application, infrastructure, and cybersecurity teams in accordance with defined incident response plans, policies, and procedures

Benefits

  • Health, dental, and vision insurance
  • Life insurance
  • Short- and long-term disability
  • Paid time off (PTO)
  • 401k retirement plan with employer match
  • Annual Professional Development Reimbursement Program