Risk Management Framework Analyst
The Risk Management Framework Analyst will work seamlessly with the ISSM and other IT Security staff to conduct Authorization to Operate (ATO) activities, including:
-Oversee and actively manage relationships for assigned systems that may be contractor owned and contractor operated, ensuring vendors comply with agency security and privacy requirements.
-Actively coordinate with the infrastructure teams to plan, develop, implement and test security controls that meet Federal regulations, program objectives, operational needs and user experience.
-Lead the development and maintenance of security documentation such as the System Security Plan, Privacy Impact Assessment, Configuration Management Plan, Contingency Plan, Contingency Plan Test Report, POA&M, annual FISMA assessment, and incident reports.
-Assess vulnerabilities to ascertain if additional safeguards are needed, ensure systems are patched and security hardened at all levels of the “stack,” and monitor to ensure vulnerabilities are remediated as appropriate. Actively manage vulnerability mitigation commitments from the integration team.
-Assist in establishing rules for program/project vulnerability scans, risk analyses and security assessments which includes addressing controls defined by OMB A130 Appendix III, FIPS 199, NIST SP800-37, NIST SP800-53, NIST SP500-299 (Draft) for both business operations and technical implementation throughout the eSDLC for the SoS.
-Execute with limited direction or conceptual direction, anticipating customer needs and proactively supporting those needs.
-Assist in establishing a continuous monitoring strategy to proactively survey, monitor, and track security-related defects and the status of their resolutions.
-Review program/project vulnerability scan results, report findings, and monitor and track their assessment and subsequent resolution, using automated scripts where necessary.
-Monitor for security breaches and participate in incident response activities and investigation of security breaches, specifically the traditional ISSO audit responsibilities.
-Capture ATO artifacts that support independent assessment activities. Consolidate ATO artifacts for input into the USCB Risk Management Processing System.
-Present status of Risk Management Framework efforts to Government customer and program meetings as required.
-Bachelor’s Degree in a relevant major from an accredited college or university and 10+ years of continuous and progressive experience.
-In-depth technical experience and security exposure with core technologies, including Cloud, Digital, Data Protection, User Management, Digital Mobility, Compliance, Application Security, Event Management, CDM.
-Knowledge of FedRAMP and FISMA regulatory compliance requirements.
-Working knowledge of NIST SP800-53 Rev 4 controls, and implementation methodology with the ability to oversee traceability to the controls.
-Experience working throughout a complete IT Security life-cycle supporting a complex System of Systems.
-Experience working as a compliance and security control planner and implementer.
-Adept at managing change control and technical working groups.
-Thorough understanding of the security concepts and intricacies associated with Cloud Computing, Infrastructure, Data Protection, Digital Mobility, Application Security, and Regulatory Compliance.
-Ability to define and manage reporting and measurement systems for IT Security.
-Tools/Technology Experience: Functional knowledge of security tools for both Cloud environments and Data Center, including commercial and open source.
Keywords: Greenbelt MD Jobs, Risk Management Framework Analyst, RMF, Security, Cloud, Digital, Data Protection, User Management, Digital Mobility, Compliance, Application Security, Event Management, Maryland Recruiters, Information Technology Jobs, IT Jobs, Maryland Recruiting
If you are an employer and recruiting for similar IT professionals / positions, please contact our Technical Recruiters at Next Step Systems http://www.nextstepsystems.com/employers_submit_gg.htm. We are a national IT Recruiting Firm / Agency specializing in full-time direct hire Information Technology employment opportunities.
No Corp-To-Corp Or Third Party Recruiters; W-2 Direct Hire Only.