Medical Science & Computing (MSC) is an exciting growth-oriented company, dedicated to providing mission-critical scientific and technical services to the Federal Government. We have a distinguished history of supporting the National Institutes of Health (NIH) and other government agencies. MSC offers a dynamic and upbeat work environment, excellent benefits and career growth opportunities.
We attract the best people in the business with our competitive benefits package that includes medical, dental and vision coverage, 401k plan with employer contribution, paid holidays, vacation, Medical and Flexible Spending Accounts, Pre-Tax Transit Assistance and tuition reimbursement. If you enjoy being a part of a high-performing, professional service and technology-focused organization, please apply today!
We are currently searching for a Security Assessment and Authorization Specialist to provide support to the National Institutes of Health (NIH). This opportunity is a permanent, full-time position with MSC and it is on-site in Bethesda, Maryland.
Duties and Responsibilities:
- Support the ISSO with coordination, implementation, communication, and application of IT security policies. Lead the systems certification and accreditation / system accreditation & authorization certification effort, including regular security audits and vulnerability assessments of IT systems, by selecting, implementing, and monitoring security controls using approved procedures.
- Perform IT systems security risk assessments and ensure that System Security Plans, Risk Assessments, Security Control Assessments, Privacy Impact Assessments, POA&Ms, and other documents are developed and maintained commensurate with the sensitivity and criticality of the system.
- Ensure compliance with legislation, Executive Orders, OMB directives, and other mandated requirements (e.g., FISMA). Apply NIST guidance and HHS and NIH policies and procedures. Assist with the development of Institute policies, plans, and procedures. Provide guidance on implementing
- Create and maintain Contingency Plans (CPs) for numerous information systems. Evaluate preventative controls during annual assessments to ensure that controls designed to deter, detect, and reduce impacts to systems are operating effectively and as intended. Discuss contingency strategies (i.e., backup and recovery, backup methods, equipment replacement) with key stakeholders. Work with key stakeholders to develop manual operation procedures.
- Design and facilitate CP testing and training, including functional and tabletop exercises, to train key contingency personnel on their roles and responsibilities and to validate plan content and effectiveness. Document findings and lessons learned, and validate that POA&M items are mitigated within required timeframes.
- Conduct Business Impact Analyses (BIAs) in conjunction with key system stakeholders to identify resource requirements and recovery priorities for system resources. Assist in maintaining and improving the Continuity of Operations Plan.
- Collaborate with team members and PM on requirements analysis, design, configuration, change and risk management, documentation, planning, accessibility remediation and compliance, and security and quality assurance.
- Establish productive working relationships and maintain effective communications with teammates and end-users. Promote ITIL best practices and achieve the established Service Level Agreements. Contribute innovative ideas in support of continuous improvement goals.
- Bachelor’s Degree in Computer Science, Information Systems, or other related business, scientific, or technical discipline
- Minimum of 5 years’ experience planning and implementing business continuity of operations plans, securing information systems and IT infrastructure, and the SA&A process
- Proven experience in IT systems security assessment and risk management, including understanding of enterprise architecture, secure operations and management of systems, networks, configuration management, infrastructure architecture, database architecture, and related industry best practices
- Experience maintaining enterprise security documentation related to System Security Plans, Risk Assessments, Security Control Assessments, Privacy Impact Assessments, and POA&Ms
- Exceptional customer service skills, including the ability to effectively and confidently communicate with technical and nontechnical end-users
- Ability to obtain a Public Trust Clearance.
- Ability to adapt to rapidly changing requirements with a flexible and creative approach to brainstorming, troubleshooting, and problem solving
- Experience in a scientific research and development (R&D) environment with demonstrated ability to analyze problems and propose multiple alternative solutions
- Experience working in FISMA Moderate and High environments
- ITIL v3 Foundation or higher level certification
Medical Science & Computing is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, or protected Veteran status.