Cybersecurity Analyst ISSPO

$80,001 - $80,001/Yr

SAIC - Washington, DC

posted 8 days ago

Full-time - Entry Level
Washington, DC
Professional, Scientific, and Technical Services

About the position

SAIC is seeking an experienced Information System Security and Privacy Officer (ISSPO) to support a US government agency in the National Capital Region. The ISSPO will play a crucial role in IT Security Governance, Risk, and Compliance, working closely with Federal Information System Security and Privacy Officers to manage and document the agency's security posture. This position involves collaboration with various IT professionals to ensure compliance with agency policies and procedures, and to guide efforts in obtaining and maintaining RMF Authorities to Operate (ATO) for systems across a complex network infrastructure.

Responsibilities

  • Perform Risk Management Framework (RMF) and Authorization and Accreditation (A&A) activities, including developing and maintaining system Authority to Operate (ATO) package documentation.
  • Establish procedures and processes to track and mitigate risks identified during the ATO process.
  • Provide data categorization guidance to system owners.
  • Develop and update Interconnection Security Agreement documentation as needed.
  • Support customer responses to ongoing information system audits.
  • Develop and update System Security Plans (SSPs) and supporting documentation.
  • Assist with tailoring of security control baselines for general support systems and other FISMA reportable systems, including cloud systems utilizing FedRAMP controls.
  • Collect and validate control implementation statements from subject matter experts.
  • Oversee development of security and privacy control implementation statements per NIST SP 800-53 and agency security policy standards.
  • Assist with the migration to NIST SP 800-53 Rev 5, identifying gaps and providing understanding of new requirements to technical teams for implementation.
  • Conduct security reviews for changes impacting hardware, software, baselines, connections, or applications.
  • Review and assess POA&M outputs, recommending additional work or closure.
  • Support the continuous monitoring program as necessary when Information System Continuous Monitoring (ISCM) results will be used to support continuing authorization requirements or ongoing authorizations.
  • Document and communicate control deficiencies for POA&M consideration.
  • Assist in developing security policies, ensuring compliance, and updating documentation.
  • Provide information for status reports, briefings, schedules, and project plans in written and oral form.

Requirements

  • Undergraduate degree with ten years of experience or Graduate degree with nine years of experience in IT Infrastructure, IT Security, and/or Governance, Risk and Compliance (GRC).
  • One or more current Security certifications (CISSP, CISM, Security+).
  • Knowledge of RMF accreditation packages and all steps of the RMF process.
  • Experience in Security, Privacy Assessment and Authorization (SPA&A) activities and ATO package creation.
  • Experience working with RMF and NIST SP 800-53 (Rev 4/5).
  • Knowledge of cyber-attack patterns, tactics, techniques, and procedures.
  • Ability to adapt security processes/tools to evolving landscapes and risk scenarios.
  • Familiarity with IT Audits using FISCAM processes and procedures.
  • Experience with NIST Risk Management and Cybersecurity Framework, FISMA, NIST SP 800-53, and IT control processes.
  • Experience with GRC frameworks/tools (RSAM, CSAM) and SA&A tools (Xacta).
  • Very strong technical understanding of Windows and Linux platforms.
  • Experience taking IT and network system(s) through the ATO process.
  • Ability to tailor information security processes and tools, based on ever evolving and changing landscapes, doctrine, and risk scenarios.
  • Comprehensive knowledge of identifying impacts and of considering existing risk mitigation strategies.
  • Experience with auditing control implementations and communicating risks associated with control deficiencies or gaps.
  • Experience with SharePoint lists and workflows, and general project management tools.
  • Ability to work effectively independently as well as within a team environment.
  • Fluency in both spoken and written English, including the ability to work with highly technical and specialized content.
  • Ability to work in a fast-paced environment while maintaining outstanding customer service skills.
  • Must be flexible with work schedule during surge periods of support.
  • Ability to document processes as needed.
  • Proficiency in explaining complex policies and protocols in simple terms.
  • Stays updated on IT trends and security standards.
  • Demonstrates excellent analytical thinking and problem-solving skills to assess potential risks and develop possible solutions.

Nice-to-haves

  • A solid understanding of IT security controls, tools, and concepts.
  • Experience working in a technical environment with IT platforms such as Microsoft Office 365, Azure, Cisco, Oracle.