• Information Security Assessor

    Posted Date 2 weeks ago(1/31/2020 4:44 PM)
    Job ID
    2020-3176
    Location
    US-MD-College Park
    Clearance Required
    Yes
    Other Clearance
    NARA Clearance
  • Position Description

    XLA is looking for an Information Security Assessor to work at National Archives (NARA) in College Park, MD. The Information Security Assessor will perform security assessments to ensure compliance with internal policies, controls, and standards, as well as client and regulatory security requirements. These assessments include evaluating technological, operational, and process controls in order to evaluate the design and implementation of security controls. The individual will be responsible for risk and compliance management and reporting to include risk assessments, System Security Plans, Security Assessment Reports, Vulnerability Assessment Reports, POA&M management, ISO 27001 requirements, NIST 800 Series Special Publications, Federal Information Processing Standards (FIPS), FedRAMP Authorizations, and other regulatory compliance requirements. The individual will be responsible for assisting in federal audit that may occur during their employment.

     

    Principle Duties and Responsibilities

    • Using the NIST Risk Management Framework (RMF) to conduct assessments of Information security controls in order to measure the effectiveness of controls and identify control gaps
    • Ensure compliance to guidance, standards and regulations such as NIST Special Publications, FIPS, FedRAMP, and other federal regulations and policies
    • Preparing Security Authorization Packages and including documentation such as Authorization Official Out-briefs, Security Authorization Recommendations and Security Authorizations memorandums
    • Identify, assess, and prioritize identified risks
    • Collect evidence, artifacts, and document findings to support conclusions
    • Report on compliance with internal policies, controls, and standards Provide recommendations for remediation of identified deficiencies
    • Track and report on Plans of Action and Milestones (POAMs) (i.e., findings/deficiencies to closure)
    • Coordinate third-party risk assessments and IT audits
    • Manage remediation efforts and report on the status of control deficiencies
    • Support security initiatives and global policy adherence and awareness efforts
    • Support global information security metrics and reporting program(s)
    • Provide security expertise to business units and key stakeholders
    • Enforce policy adherence and manage formal policy exception requests
    • Provide timely status updates/reporting on assessments and assigned project

    Requirements

    Required Skills, Knowledge and Experience

    • BS/BA in Computer Science, Information Systems, Software Engineering or other related analytical, scientific or technical discipline
    • Five (5) years of experience in IT security, including SA&A and/or IT security risk analysis, preferably in support of the Federal Government.
    • Knowledge of Federal Government SA&A practices and policies, particularly FISMA and NIST Special Publications 800 series.
    • Industry recognized and accepted certifications relating to IT security preferred (CISSP, GIAC, CEH, TNCP, Security+, Network+ etc.).
    • Ability to work independently and also collaborating with application developers, engineers and others.
    • Must be motivated and results oriented.
    • Effective written and oral communication skills.
    • Previous Federal Government experience a plus.
    • Experience using Xacta or CSAM

    Security Clearance

    • NACI / Public Trust

    Options

    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed