OBXtek - McLean, VA
posted 4 months ago
OBXtek is seeking an Information Assurance Security Specialist (IASS) to support the Department of State Consular Affairs (CA/CST) Bureau. The IASS will serve as a subject matter expert (SME) in information system security, focusing on compliance with FISMA, NIST standards, the Privacy Act, HIPAA, E-Gov, and OMB Circulars A-11 and A-130, as well as the Clinger-Cohen Act as they pertain to data and application security. This role is critical in ensuring the security and integrity of automated information systems (AIS) within the Consular Affairs sector, both domestically and for overseas deployed systems, including those hosted in cloud environments (IaaS, SaaS, and PaaS).

The IASS will be responsible for conducting Assessment and Authorization (A&A) activities, tracking and reporting the status of assigned A&As, and addressing any obstacles that may hinder the completion of these processes. This includes ensuring that A&A packages are submitted to Information Assurance (IA) and following up to secure approval for each phase of the A&A process before the expiration of the systems' Authorized to Operate (ATO) status. The specialist will analyze production system configuration change requests (CCR) to assess their security impact and will initiate necessary actions to maintain the security posture and authorization status of the systems.

In addition to these responsibilities, the IASS will support regular meetings with Government Technical Monitors (GTMs) and developers, facilitating boundary meetings, RMF Step 1 Kick-off meetings, and System Categorization meetings. The role requires gathering information to support system authorization, organizing technical working groups, conducting interviews, and assessing system security categorization levels. The IASS will also draft and maintain project schedules for assigned systems throughout the RMF process and develop various security application documentation, including Security Categorization Forms (SCF) and System Security Plans (SSP). Furthermore, the specialist will assist in the development of Contingency Plans (CP) and Privacy Impact Assessments (PIA), ensuring timely completion of data calls and monitoring the status of Plans of Action and Milestones (POA&Ms).

The ideal candidate will possess a strong background in cybersecurity, information assurance, and IT, with extensive knowledge of FISMA compliance and NIST guidelines. They should have hands-on experience in writing essential RMF documentation and conducting RMF activities, particularly in cloud environments. Proficiency in tools such as SharePoint, Microsoft Teams, and the Archangel GRC tool is also required, along with excellent communication skills and the ability to thrive in fast-paced environments.