Compliance Specialist Must have at least seven (7) years of progressive experience in the information technology arena as a security analyst, security manager, system administrator or a combination of these. Must be able to simultaneously work on several I.T. system security projects requiring the analysis of complex I.T systems. Must possess clear, concise, and effective verbal and written communication and project management skills needed for functioning in an unstructured flexible environment. Reviews security controls and technical documents for compliance with Laws, Regulations, Policies, Guidelines and Standard Operation procedures (SOP). Knowledge of Cloud systems, Cloud Architecture and Cloud security. Familiar with FedRAMP, the FedRAMP standards and authorization process.
Establish and satisfy information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands. Support customers at the highest levels in the development and implementation of doctrine and policies. Apply expertise to government and commercial common user systems, as well as to dedicated special purpose systems requiring specialized security features and procedures. Perform analysis, design, and development of security features for system architectures.
Specialized Responsibilities: Familiar with the NIST Risk Management Framework (RMF) and the Assessment and Authorization (A&A) process. Familiar with the NIST 800 series of technical publications. Familiar with the Assessment and Authorization (ATO) process Research major obstacles related to the ever-changing DHS FISMA requirements, which customer will need to overcome on a weekly, monthly, and yearly basis. Track: POA&MS and their expiration dates ATO documentation expirations (to include Contingency Planning and Privacy documents), Information Security Vulnerability Management (ISVM) compliance, Compliance with the DHS Performance Plan. Utilize dashboards and monitoring tools as required for, but not limited to tracking the following items: ISVMs, system scores, CDM scores, documentation, expiration dates Familiar with the Continuous Diagnostic am Mitigation (CDM) process Familiar with the FISMA scorecard and its components. Basic Responsibilities: Review ATO documents for compliance with policies and standards
Make recommendations to accept or reject ATO documents
Generate reports of ATO packages and their expiration dates.
Generate reports of security documents with their expiration datesion.
Preferred Qualifications: Knowledge of NIST Guidelines and FISMA Cybersecurity compliance requirements technical knowledge of IT systems. Knowledge of and experience using relevant cybersecurity and analysis tools such as Archer, Nessus Security Center, Splunk, etc. (CSAM, EMASS, Archer, or IACTS) Experience drafting and reviewing security Authorization documentation to include, but not limited to, System Security Plans, Contingency Plans and Tests, Privacy Documentation, FIPS 199 categorization, e-authentication documentation, Configuration Management Plans, and Incident Response Plans Experience communicating effectively, both oral and written, with technical, non-technical, and executive-level customers. Basic Qualifications: Proven experience as an ISSO or Security Controls Assessor Experience with Cloud Systems and FedRAMP Packages Knowledge of patch management, firewalls, and intrusion detection/prevention systems. Familiarity with public key infrastructure (PKI) and cryptographic protocols e.g., SSL/ TLS. An analytical mind with excellent problem-solving ability. Outstanding communication, organization, and decision-making skills. Years of experience or Education requirement: Education: Bachelor preferable but professional experience is Permitted:
7 years minimum of IT Cybersecurity experience including direct support of the US government and 4 years acting as an ISSO, assessor, or compliance analyst OR A relevant bachelors degree in IT, Computer Science, or engineering with 5 years of IT cybersecurity experience including direct support for the US Government and 4 years acting as an ISSO, assessor, or compliance analyst Certifications and Training (Required): At least one of the following security certifications:
Certified Authorization Professional (CAP) Certified Information Systems Security Officer (CISSO) Certified Information Security Manager (CISM) Certified Information Systems Security Professional (CISSP) Clearance level: Requires a Secret Level Security Clearance. Work Location: Remote is authorized and the location of performance is Springfield, VA, Annapolis Junction, MD, and Freedom Center in Herndon, VA. Travel is not reimbursed for travel between Performance location and Remote Location
