This is a client-supporting position. Successful candidates will provide IT security program management support services, to include IT Security program development, security assessment & authorization, contingency and disaster recovery planning and testing, security planning and policy development, security training, vulnerability assessments, security controls testing, risk assessments, security plan development, and FISMA compliance reviews.
Essential Functions / Responsibilities:
The IT Security Specialist will support the Information Systems Security Officer (ISSO) and the NIGMS Security Program and facilitate FISMA compliance for NIH General Medical Sciences (NIGMS) systems. The IT Security Specialist will use the NIH SA&A Tool – NSAT (TrustedAgent C&A) tool set to accomplish and document system assessment and authorizations (SA&A) and use MS Project to manage security tasks. Compliance services ensure that the ISSOs have the necessary information throughout the lifecycle of each system. Successful candidates shall demonstrate competency in the NIST Special Publications, OMB guidance, and FISMA as they relate to security.
Services include the following:
- Support the ISSO on a day-to-day basis through meeting preparation/presentations, implementation of NIH initiatives, and data calls.
- Develop and implement key processes and procedures to incorporate security throughout the SDLC process.
- Analyze deficiencies/gaps in the current security program and work to improve them over the contract duration.
- Conduct SA&A on NIGMS systems, ensuring thoroughness and compliance with HHS and NIH policies and with OMB and NIST guidance. This includes validating all information system security testing results and reporting.
- Perform analysis of system SA&A boundaries.
- Support the Plan of Action and Milestones (POA&M) process and reporting.
- Develop the security policy and procedures necessary to implement the requirements of the NIGMS IT Security Program.
- Review National Institute of Standards and Technology (NIST) publications applicable to FISMA and other directives for applicability to the NIGMS IT Security Program.
Minimum Education, Experience, and Skill Requirements:
- Minimum security clearance: Public Trust
- BS Degree in a computer related or security field
- 5+ years of IT security experience
- Experience working directly with clients.
- Experience managing an aggressive assessment timeline/schedule in order to meet project/client deadlines.
- Experience evaluating the security controls of complex IT networks and systems connected to those networks
- Experience in verifying and validating POA&Ms and in the management of POA&Ms.
- Comprehensive understanding of the federal IT system development life cycle and how security is to be integrated into the process
- Sound understanding and experience regarding relevant federal (e.g., FISMA, Privacy Act, HIPAA, NIST, OMB, and FIPS) information technology security regulations, standards, policies, and procedures.
- Experience in researching new or emerging technologies and processes that may be incorporated as solutions to recurring security concerns.
- Experience in reviewing IT security policies for compliance and making recommendations if needed.
- Experience in conducting system assessments and authorizations (formerly known as C&A), including experience in determining SA&A boundaries.
- Ability to organize and prioritize work assignments and special requests in an unstructured environment.
- Ability to work in a deadline-driven environment and handle multiple projects simultaneously.
- Ability to multitask and adjust to ever-changing requirements.
- Ability to take ownership of problems and think outside of the box to find creative solutions.
- Capacity to build and maintain strong relationships with client personnel.
- Ability to prepare and conduct formal and informal presentations.
- Experience with MS Project for managing individual tasks.
- Team player who possesses excellent interpersonal skills and communication abilities, with a high degree of self-confidence.
- Knowledge of security best practices such as defense in depth, least privilege, need-to-know, separation of duties, access controls, encryption, etc.
- Technical background with a variety of computer hardware, software, and communication systems, including system integration, network architectures, and physical/logical communication systems/devices.
- Must have exceptional written and oral communication skills.
Preferred Education, Experience, and Skill Requirements:
- Security certification (e.g., CISSP, CISA) a plus.
- Secret security clearance.
- Experience in performing systems security controls testing using NIST SP 800-53 on UNIX and Windows platforms.
- Experience in performing IT security audits/evaluations.
- Experience using TrustedAgent C&A.
- Experience in conducting all aspects of the SA&A process to include SA&A boundary determination, system security controls testing, risk assessments, POA&Ms, and security plan development.
- Experience in contingency planning.
WiredPeople provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, WiredPeople complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.