1. Ensure that applicable IT security policies are implemented for the system and for those aspects of system-related physical security also under their purview.
2. Ensure operational security posture consistent with current security policy is maintained.
3. Serve as the principal advisor to the AO, System Owner, or Chief Information Security Officer on all matters (technical and otherwise) involving security of the system.
4. Coordinate with the Information System Owner to update the system security plan, manage and control changes to the system, and ensure that security impacts of proposed changes are evaluated by or reported to officials responsible for change control.
5. Report existing or potential security issues to the CIO, CISO, ISSM, AO, and System Owner.
6. Ensure that security incidents and the security status of the affected IT system are reported to the appropriate CSIRC.
7. Ensure that system audit trails are regularly examined and anomalies reported to the CSIRC.
8. Ensure documentation is developed and maintained detailing the IT hardware and software configuration and all security countermeasures that protect it. Generally, this is maintained in the System Security Plan.
9. Complete mandatory, specialized information security training annually.
10. Continuous Monitoring - The system's security is reviewed or tested annually in accordance with Department policy. Security controls are selected and tested annually. The selection of controls includes POA&Ms closed in the past 12 months as well as highly volatile controls or those which pose the greatest risk to the system. The Continuous Monitoring Test Plan is developed and updated annually. Testing is conducted at least annually.
11. Configuration Management - Ensure security baselines are maintained and validated at least annually. A report of the validation is provided to the CISO for annual FISMA reporting. Ensure the system is in compliance with Departmental and DO security configuration management policies.
12. Training - Identify all personnel assigned any of the roles defined by the Department as having specialized IT security responsibilities in support of the system. Ensure training information is reported to the CISO in support of annual FISMA reporting. The CISO will identify the approach used for collection and reporting of annual training.
13. Reporting - Update information and artifacts in the Department FISMA system in accordance with Department policy and procedures. This includes quarterly review and update of: Plan of Action and Milestones, C&A dates and artifacts, Security Controls review and test results, Contingency Plan and annual Test Results, system interfaces and interconnections, personnel with specialized security roles, and the associated artifacts required by the Department for these performance measures.
• CISSP certification with hands-on expertise in any two areas of the following: Access Control, Information Security Governance and Risk Management, Software Development Security, Security Architecture and Design, and Operations Security
• Hands-on knowledge of and experience with implementing NIST guidance such as: NIST 800 series special publications, especially 800-53 and 800-53A and C&A guidance, Federal Information Processing Standards Publications (FIPS), and OMB A-130
• Experience with the Federal Information Security Management Act (FISMA) regulations, policies, and procedures
• Demonstrated skill in reviewing and analyzing security documents and identifying problems/issues
• Some experience performing/participating in Certification and Accreditation activities (Risk Assessment, System Security Plan, ST&E)
• Ability to plan and execute work and determine when to escalate an issue
• Good writing and oral skills for reporting, training, and presentations
• Analytical, with an eye for detail
• Good client management skills for customer interaction
Our client is a large government organization that uses cutting edge technology. A drug and background check may be required.
LOCATION - Downtown Washington DC
Email your resume to firstname.lastname@example.org. Intrudetect, Inc. is an EEO Employer