A&A SME

Full Time, Remote

Location: United States

Posted: 7 days ago

Salary: Not specified

Job Description

Role Description

ECS is seeking an A&A SME to work remotely.

  • Provide recommendations, guidance, planning, and implementation support for agency risk management activities and tools.
  • Provide support as needed to enhance the agency information security program in the areas of governance, optimization, automation, and supporting tools.
  • Support operational responsibilities in complying with Federal, Department, and Agency mandates and policies that include agency policies, the Federal Information Security Modernization Act (FISMA), OMB Circular A-130, OMB Circular A-123, OMB Circular A-11, and any additional OMB guidance relevant to the scope of this task.
  • Support agency privacy, security and FISMA risk management and compliance reporting requirements.
  • Develop/maintain a dashboard that gives agency leadership a constant view of risks to the agency ecosystem.
  • Provide risk management guidance to the agency components for A&A activities as required, ensuring continuous risk monitoring of information security control implementation effectiveness and required information security compliance requirements.
  • Review Authorization and Assessment Packages.
  • Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
  • Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
  • Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization's mission and goals.
  • Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).

Qualifications

  • 4-year college degree (or equivalent experience).
  • 7+ years of RMF, Security Assessment or relevant experience required.
  • Must have: CAP (or able to get it within 3 months).
  • Strong written and verbal communication skills.
  • Demonstrated ability to interact effectively with senior management and leadership.
  • Ability to guide the development of enterprise-specific implementation guidance for agency management.
  • Familiarity with NIST Risk Management Framework at the subject matter expert level, particularly including SP 800-30, 37, 39, 53, and 53A.
  • Knowledge of FedRAMP, DHS, and OMB compliance standards.

Requirements

  • Salary Range: $100,000 - $115,000.

Benefits

  • General Description of Benefits.
