Please note that this is a 1-year contract position.
Provides Cloud Security Architecture and Compliance expertise for the client.
• Works closely with Account Security Officer (ASO), Segment Security Officers (SSO) and Cloud Service Providers (CSP) to ensure FedRAMP compliance.
• Provides Cloud Computing Migration Assessments and Accreditations Services (A&A) for Software (SaaS), Infrastructure (IaaS), and Platforms (PaaS) using Federal Risk and Authorization Management Program (FedRAMP) compliant criteria.
• Works closely with Account Security Officer (ASO) and Segment Security Officers (SSO) to ensure operational security measures are implemented.
• Assesses and mitigates system security risks; determines and analyzes security requirements for implementation and testing.
• Reviews and continuously monitors implemented security controls.
• Creates and maintains security checklists, templates and other tools to aid in the A&A process.
• Performs security control assessment using NIST 800-53A guidance and as per continuous monitoring requirements.
• Performs risk analyses to determine and recommend essential safeguards.
• Proactively mitigates system vulnerabilities and recommends compensating controls.
• Prepares security authorization packages in accordance with the client contractual requirements.
• Develops core documents such as System Security Plan, Contingency Plan, Incident Response Plan, Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, Configuration Management Plan, etc.
• Monitors and maintains client-specific Plan of Action and Milestones and supports remediation activities.
• Monitors and maintains an inventory of hardware and software for the information system.
• Monitors, develops, tests and trains on Contingency and Incident Response planning.
• Conducts and reviews independent application, network and database scans with the Program Team and utilizes Managed Security Services Vulnerability Assessment Team (VAT) support as applicable.
10+ years’ experience working as an Information Assurance Analyst for an information technology, information assurance, or information management program
Must possess a minimum of a Bachelor’s Degree or Master’s Degree, PhD or JD in a technical specialty such as cyber security, computer science, management information systems or related IT field (Master's Degree Preferred)
CERTIFICATIONS (One or more required):
CompTIA Security+,
CPTE - Certified Penetration Testing Engineer,
CEH - Certified Ethical Hacker, Certified
KNOWLEDGE AND SKILLS REQUIRED:
• Excellent communications skills
• Fluent in English, grammar and communication
• Ability to influence OCISO Delivery system stakeholders in the execution of security and compliance requirements
• Knowledge of the security countermeasures and overall RMF and NIST compliance
• Experience as a Security consultant in Risk and Compliance
• Experience in working with security management including information governance and compliance
• Good understanding of Assurance Practices and Risk Management, hands-on experience
• Experience of security processes and standards, in particular NIST 800-series and RMF
• Knowledge of security audit and accreditation processes
• Ability to interpret request for proposal and respond to security and compliance requirements
• Knowledge of Federal Security, industry and market trends and client offerings
• Understands client solutions - what they consist of, product roadmaps, IT concepts
• Understands how cyber security GRC requirements fit within or interface with the sales of other solutions in client and client's partner strategies
• Understands federal security and regulations impacting security requirements to develop strategies for supporting internal Client operations
Applicants must provide their phone number. Reference Job Number A157
San Francisco, CA, 94159