Information Security Risk Specialist

Key Role:

Serve as a Mid-Level Information Systems Security Officer (ISSO) for appointed systems. Work with system owners, create and maintain Assessment and Authorization (A&A) documentation, including system security plan, privacy plan, security control assessment, privacy control assessment, and any relevant plans of action and milestones to support Authorization to Operate (ATO) decisions. Capture and refine information security requirements for new systems or for enhanced functionality on an existing system and ensure that the requirements are effectively integrated into information systems throughout the System Development Life Cycle (SDLC). Implement information security standards and procedures. Provide support for proposing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies.

Basic Qualifications:

• 7 years of experience with information assurance or cybersecurity
• Knowledge of NIST Risk Management Framework at the subject matter expert level, including SP 800-30, 37, 39, 53, and 53-A
•  Knowledge of FEDRamp, DHS and OMB compliance standards
• Ability with supporting system security and authorization processes
• Ability to guide the development of enterprise-specific implementation guidance for agency management
• Ability to obtain and maintain a Public Trust or Suitability/Fitness determination based on client requirements
• Bachelor’s degree
• Security + (Plus) Continuing Education (CE) Certification, CAP or Certified Information Security Manger (CISM) Certification or CISSP Certification or Global Information Assurance Certification (GIAC) Certification or Security Leadership (GSLC) Certification

Additional Qualifications:

• Knowledge of risk and how to measure risk for IT systems
• Knowledge of IT systems used in healthcare or health research
• Ability to interact effectively with senior management and leadership
• Possession of excellent verbal and written communication skills

Vetting:

Applicants selected will be subject to a government investigation and may need to meet eligibility requirements of the U.S. government client.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.

#LI-AH1, ID15-C