This is a client-supporting position. Successful candidates will provide IT security program management support services, to include IT Security program development, security assessment & authorization, contingency and disaster recovery planning and testing, security planning and policy development, security training, vulnerability assessments, security controls testing, risk assessments, security plan development, and FISMA compliance reviews.
Essential Functions / Responsibilities:
The IT Security Specialist/Lead will support the Information Systems Security Officer (ISSO) and develop/manage the NIGMS Security Program in coordination with the ISSO, facilitate FISMA compliance for NIH General Medical Sciences (NIGMS) systems, and manage the onsite security team and day-to-day/ongoing contract activities and initiatives. The IT Security Specialist will use the NIH SA&A Tool – NSAT (TrustedAgent C&A) tool set to accomplish and document system assessments and authorizations (SA&A), and use MS Project to manage security tasks and team resource allocation. Compliance services ensure that the ISSOs have the necessary information throughout the lifecycle of each system.
The candidate shall demonstrate competency in the NIST Special Publications, OMB guidance, FISMA as it relates to security. Services include the following:
- Support the ISSO on a day-to-day basis through meeting preparation/presentations; meeting management; action item management; problem solving; staff relations; implementation of NIH initiatives; data calls.
- Develop and implement key processes and procedures to incorporate security throughout the SDLC process.
- Manage onsite security team activities; determine LOE for various security projects and manage client expectations regarding deliverables and due dates.
- Analyze deficiencies/gaps in the current security program and work to improve during contract duration.
- Conduct quality reviews of SA&A packages for thoroughness and compliance with HHS, NIH Policies, OMB and NIST guidance. This includes validating all information system security testing results and reporting.
- Perform analysis of system SA&A boundaries.
- Oversee the Plan of Action and Milestones (POA&M) process and reporting.
- Develop and publish the security policy and procedures necessary to implement the requirements of the NIGMS IT Security Program.
- Review National Institute of Standards and Technology (NIST) publications applicable to FISMA and other directives for applicability to the NIGMS IT Security Program.
Minimum Education, Experience, and Skill Requirements:
- Minimum security clearance: Public Trust
- BS Degree in a computer related or security field
- 5+ years of IT security experience
- Experience working directly with clients; managing client expectations / deadlines.
- Experience managing an aggressive assessment timeline/schedule in order to meet project/client deadlines.
- Experience managing day-to-day team activities.
- Experience evaluating the security controls of complex IT networks and systems connected to those networks
- Experience in verifying and validating POA&Ms and managing POA&Ms.
- Comprehensive understanding of the federal IT system development life cycle and how security is to be integrated into the process
- Sound understanding and experience regarding relevant federal (e.g., FISMA, Privacy Act, HIPAA, NIST, OMB, and FIPS) information technology security regulations, standards, policies, and procedures.
- Experience in researching new or emerging technologies and processes that may be incorporated as solutions to reoccurring security concerns
- Experience in reviewing IT security policies for compliance making recommendations if needed.
- Experience in conducting system assessments and authorizations (formerly known as C&A), including experience in determining SA&A boundaries.
- Ability to organize and prioritize work assignments and special requests in an unstructured environment.
- Ability to work in a deadline driven environment and handle multiple projects simultaneously.
- Ability to multitask and adjust to ever-changing requirements.
- Ability to independently handle difficult client situations.
- Ability to take ownership of problems and think outside of the box to find creative solutions.
- Capacity to build and maintain strong relationships with client personnel.
- Ability to prepare and conduct formal and informal presentations.
- Experience in working directly with clients; managing client expectations.
- Experience in project management.
- Team player who possesses excellent interpersonal skills and communication abilities, with a high degree of self-confidence.
- Knowledge of security best practices such as defense in depth, least privilege, need-to-know, separation of duties, access controls, encryption, etc.
- Technical background with a variety of computer hardware, software, and communication systems, including system integration, network architectures, and physical/logical communication systems/devices.
- Must have exceptional written and oral communication skills.
Preferred Education, Experience, and Skill Requirements:
- Security certification (e.g., CISSP, CISA) a plus.
- Secret Security Clearance
- Experience in performing systems security controls testing using NIST SP 800-53 on UNIX and Windows platforms.
- Experience in performing IT security audits/evaluations.
- Experience using Trusted Agent C&A
- Experience in conducting all aspects of the SA&A process to include SA&A boundary determination, system security controls testing, risk assessments, POA&Ms, and security plan development.
- Experience in contingency planning.
WiredPeople provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, WiredPeople complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.