Please note that this is a 1-year contract position.
Job Description: The position is responsible for completing Governance, Risk and Compliance (GRC) functions that entail security control implementation, continuous monitoring, and federal Assessment and Authorization (A&A) activities within the client organization.
The following are the primary responsibilities:
• Works closely with the client to ensure operational security measures are implemented.
• Assesses and mitigates system security risks; determines and analyzes security requirements for implementation and testing.
• Reviews and continuously monitors implemented security controls.
• Creates and maintains security checklists, templates and other tools to aid in the A&A process.
• Performs security control assessments using NIST SP 800-53A guidance and as required by the continuous monitoring program.
• Performs risk analyses to determine and recommend essential safeguards.
• Proactively mitigates system vulnerabilities and recommends compensating controls.
• Prepares security authorization packages in accordance with the client's contractual requirements.
• Develops core documents such as the System Security Plan, Contingency Plan, Incident Response Plan, Standard Operating Procedures, Plan of Action and Milestones, Remediation Plans, Configuration Management Plan, etc.
• Maintains client-specific Plan of Action and Milestones and supports remediation activities.
• Maintains an inventory of hardware and software for the information system.
• Develops, tests and trains on Contingency and Incident Response planning.
• Conducts independent scans of applications, networks and databases, and utilizes Managed Security Services Vulnerability Assessment Team (VAT) support as applicable.
The ISSO operates as a trusted advisor in the organization, working with client management and focusing specifically on the security environment in relation to client business objectives. The ISSO helps client management understand operational issues and plans the next steps, in collaboration with Account ASOs, from an information security viewpoint. The position will be able to demonstrate industry expertise and understanding of security governance and compliance. This position requires the ability to interact and influence at an organizational level to carry out governance, risk and compliance activities.
Qualifications:
• Must be able to pass the US Government clearance process at the Secret or Public Trust level
• Education and Experience Required:
- 5-7 years’ experience working in a risk management, audit, security or technical delivery role
- Bachelor's or master's degree in Computer Science, Computer Studies, Information Security (or equivalent combination of education and experience)
- Knowledge of security countermeasures and of the overall Risk Management Framework (RMF) and NIST compliance requirements
- Excellent and effective communication skills
- Ability to work effectively in diverse, multi-national and virtual environments
- Self-motivated and tenacious
- Demonstrated sound judgment and integrity
- Experience in overall Security Risk and Compliance initiatives
- CISSP, CISM/CISA or CRISC a plus
- Fluent in English
Candidates must have all required skills/experience to be considered.
For consideration, please reference job number 1529.
San Francisco, CA