Responsibilities
- Respond to crisis or urgent situations within the system to mitigate immediate and potential threats.
- Use mitigation, preparedness, response, and recovery approaches, as needed, to maximize information security.
- Oversee, evaluate, and support the documentation, validation, and accreditation processes necessary to assure that IT systems meet the organization’s security requirements.
- Ensure appropriate treatment of risk, compliance, and assurance from internal and external perspectives.
- Provide security advice and recommendations to leadership and staff based on NIST and FIPS guidelines.
- Analyze system security assessment reports.
- Use defensive measures and information collected from a variety of sources to identify, analyze, and report events.
Requirements
- 1-2 years of professional experience supporting information security/assurance programs, policies, processes, and procedures per various security frameworks/laws/standards/directives, e.g.: FISMA; OMB directives; Presidential Directives; NIST (SP-800 series; FIPS); HIPAA of 1996; Privacy Act
- Comprehensive knowledge of FISMA and FedRAMP
- In-depth knowledge of the NIST SP 800 series documents
- In-depth knowledge of the 800-53 security control requirements and standard methods for implementing them
- Practical knowledge of IT System contingency planning
- Active clearance or public trust