Information Assurance Analyst (OIG) with Security Clearance Professional Services - Arlington, VA at Geebo

Information Assurance Analyst (OIG) with Security Clearance

Overview

The purpose of this task order is to provide professional service personnel to support the OIG Office of the Executive Director, IT Operations Directorate, through subject matter expertise with project management for large complex projects related to EX/IT's mission-centric approach to IT operations focused on customer service, collaboration, and innovation. OIG is seeking support from a contractor to assist the Government in providing project management and business analyst support services for the U.S. Department of State, Office of Inspector General (OIG). The objective is to support EX/IT and OIG program office mission needs by identifying business requirements, initiating and managing projects, and supporting a comprehensive approach to IT across OIG. All work must conform to OIG's enterprise policies and procedures, including but not limited to IT governance and management.

Responsibilities

o Support system assessment and authorization (A&A) activities and advise the Government on recommended security control implementations and risk mitigations.
o Develop systems security plans and associated documents (FIPS 199, contingency plan, incident response, configuration management, continuous monitoring, etc.) to meet Federal Information Security Modernization Act (FISMA) and NIST Risk Management Framework standards in support of third-party assessments and system authorization.
o Work closely with stakeholders to understand business processes, and through research and vendor outreach, identify and recommend compensating controls to mitigate risks.
o Perform pre-assessment control reviews, gather artifacts, complete system security and associated plan updates, and other documentation review and updates.
o Support development and maintenance of security controls for cloud solutions.
o Advise CISO or Authorizing Official of changes affecting the organization's cybersecurity posture.
o Assist CISO and support staff by providing timely advice, guidance, and templates to complete required tasks and documentation.
o Support annual incident response and contingency plan training and testing activities.
o Complete review of system and application configuration settings using automated and manual methods.
o Complete vulnerability scanning and evaluation of assets. Compile data to assist remediation activities; coordinate with staff to implement corrective actions. Assist in the development of POA&Ms for outstanding risks.
o Coordinate with staff to research and resolve security concerns and revise documentation.
o Assist in the preparation of official memorandums, such as Authorizing Official risk acceptance, POA&Ms, and various appointment letters.
o Research questions and requests; make recommendations based on cybersecurity policy.
o Support the configuration management process through the completion of security impact analyses.

Qualifications

o 5-7 years of federal government knowledge and experience in applying and implementing the NIST Risk Management Framework and Special Publications 800-53, 800-37; FedRAMP, NIST Cybersecurity Framework, and other FISMA requirements.
o Experience in configuring and running vulnerability and configuration compliance (SCAP) scans, troubleshooting issues, and analyzing data to identify trends and recommend remediation actions.
o Experience in researching different types of technical security threats and recommending mitigating actions. Proficient in calculating risk using NIST SP 800-30 to determine threat likelihood and impact.
o Proficiency in writing and maintaining system security plans, information security policies, and official memorandums intended for executive leadership.
o Familiarity with use of Information Technology Infrastructure Library (ITIL), Capability Maturity Model Integration (CMMI), and/or Project Management Professional (PMP) processes.
o Desired certifications: Certified Information Systems Security Professional/Certified Information Security Manager (CISSP/CISM), PMP.

Recommended Skills

o Assessments
o Business Processes
o Business Requirements
o Certified Information Security Manager
o Certified Information Systems Security Professional
o Certified Project Management Professional

Estimated Salary: $20 to $28 per hour based on qualifications.
