Creative Systems and Consulting LLC is a leading provider of IT management consulting services and cloud solutions to Federal agencies. Our services focus on enabling Federal agencies to meet their modernization and transformation requirements. Creative offers a full range of planning, implementation and operations services for cloud-based systems. Our project teams work with Federal agencies to quickly solve mission-critical problems by identifying, designing, and implementing technology-enabled solutions to improve their strategies and operations.
Job ID: ISSO-042016
Creative is currently seeking to hire an experienced, highly qualified and capable full-time ISSO to support our project in Washington, DC. This position is responsible for ensuring compliance with all relevant Federal, departmental and agency information system security requirements.
Roles & Responsibilities
- Reduce or mitigate information system security risks through thorough reviews and recommendations, and through information system security processes and procedures optimized from best practices and leading expertise.
- Develop, correlate and document audit test plans within the context of A-123 and FISMA compliance reviews.
- Develop and document the criteria, condition, cause and effect of identified deficiencies and recommend courses of remedial action.
- Conduct validation testing on remediation measures taken to remediate Plans of Action and Milestones (POA&M) created in response to discovering validated vulnerabilities or deficiencies.
- Update and monitor (monthly) a NIST-compliant continuous monitoring process across all FS major information systems to provide periodic assurance and metrics to FS senior management on the security protections of FS major information systems.
- Support annual assessment of a USDA-identified subset of security controls (key plus one third) across all major information systems.
- Validate and enter test results and artifacts into the USDA Cyber Security Assessment and Management (CSAM) repository.
- Provide recommendations and guidance for corrective action of all non-compliant security controls to conform to USDA Plan of Actions and Milestones (POA&M) guidance.
- Provide monthly artifact tracking and metrics information.
- Update the categorization of all Major Systems (up to 20 systems) annually, in accordance with Federal Information Processing Standards (FIPS) 199, Standards for Security Categorization of Federal Information and Information Systems.
- Provide support for verifying compliance with OMB Circular A-123.
- Develop, update and execute test plans of the OMB Circular A-123 internal control assessments.
- Determine, gather, examine, and analyze artifacts related to OMB Circular A-123 security control assessments and remediation verification.
- Enter test results and artifacts into the USDA CSAM repository.
- Document assessment activities and results in sufficient detail to enable external review of all assessment processes, activities, results, and conclusions.
- Support USDA A-123 Team review of assessment activities, reports, and conclusions.
- Provide recommendations and guidance for corrective action of all non-compliant security controls.
- Provide security expertise to verify that NIST SP 800-53 security controls are implemented and that resulting documentation and artifacts are current, and provide monthly reporting of artifact and POA&M status and metrics.
- Provide guidance to key stakeholders on the necessary components to demonstrate the achievement of control objectives.
- Provide security support for the Application/Data Center Migration Effort to consolidate up to 25 regional applications/tables per year.
- Assist in identification of applications/tables in the FS environment to be migrated to FS Data Centers.
- Identify and analyze existing IT Security processes and procedures within the agency.
- Provide recommendations to meet new IT Security goals and objectives.
- Optimize underlying processes to achieve more efficient results.
- Align agency business processes to realize IT Security goals.
- Work with Security Engineers to determine applicability and risk to the enterprise.
- Work with the applicable enterprise System Management Experts (SME), Architecture and Integrated Engineering Services (IES) to identify the necessary outcome for remediating the risk to the enterprise.
- Create Change Requests (CR)/remediation tasks in systems of record and track the change through to completion.
- Manage and respond to Remedy tickets associated with security issues.
- Work with enterprise security scanning and SMEs to verify the remediation.
- Partner with key stakeholders to ensure timely remediation, mitigation, generation of POA&M or acceptance of risk.
- Provide monthly remediation status report with summary of ongoing issues and metrics.
Candidate must have industry best practice professional security certifications and training to include at least one of the following: CISSP, CISM or CISA.
Prior experience working with Federal government security programs.
Applicant must have a Bachelor’s degree in Computer Science or a related field and a minimum of 5 years of experience working with Federal government security programs.
Please reference Job ID: ISSO-042016 when applying to this position.
How to Apply