ZipRecruiter - McLean, VA
posted 24 days ago
Full-time - Mid Level
McLean, VA
About the position
The Information Systems Security Management - Expert role is responsible for managing a team of analysts focused on safeguarding information systems assets and protecting them from unauthorized access or destruction. This position involves supporting the Agency's Risk Management Framework (RMF) processes, coordinating security policies, and ensuring compliance with established security standards and methodologies.
Responsibilities
- Manage analysts to ensure the safety of information systems assets.
- Support the Agency RMF Workflow and Processes by proposing and enforcing security policies.
- Coordinate with Data Custodian, Project Owner, and ISSM to identify information types and assign security categorizations.
- Document controls in the information security and privacy plan to meet CISO guidance.
- Maintain current system information in XACTA to support organizational requirements.
- Evaluate the impact of network and system changes using RMF processes.
- Address and remediate anomalies identified under the Sponsor's Information Security Continuous Monitoring activities.
- Submit recommendations for system configuration deviations from the required baseline.
- Develop and maintain a system security plan (SSP).
- Conduct periodic reviews to ensure compliance with the SSP.
- Ensure configuration management for security-relevant IS software, hardware, and firmware is maintained.
- Monitor system recovery processes to ensure security features are restored.
- Ensure all IS security-related documentation is current and accessible to authorized individuals.
- Notify appropriate individuals of changes that might affect authorization.
- Participate in governance and project reviews identified by the Sponsor.
Requirements
- Strong documentation skills.
- Experience with XACTA 360, Continuum, and other SCAP Compliant tools.
- Working experience with RMF, ICD 503, CNSSI 1253, NIST SP 800-53/53A, and STIGs.
- Bachelor's Degree in an IT-related field.
Nice-to-haves
- Certified Ethical Hacker (CEH) certification.
- Certified Information Systems Security Professional (CISSP) certification.
- Certified Information Systems Auditor (CISA) certification.
- NIST Cybersecurity Framework (NCSF) certification.
- AWS Solutions Architect Associate or Professional certification.
