ServiceNow (CAM Module) & RMF SME

Job Description

ECS is seeking a ServiceNow (CAM Module) & RMF SME to work remotely .

• Support the Management of the Agency's Enterprise Governance, Risk & Compliance (GRC) module to ensure accurate operational and ATO status of systems as well as system POCs, and related FISMA inventory attributes per the FISMA Inventory SOP.
• Track and maintain logs for the completion of program related requirements; Develop use cases and test scripts, conduct UAT, and report on findings.
• Review and update existing GRC specific information security policy, standards, and procedures based on federal and departmental regulations.
• Support the development of monthly and weekly status reports summarizing the status of completed, ongoing, upcoming tasks, and work performed.
• Analyze security tool reports and determine residual risk or false positives from technical reports and artifacts before assigning findings.
• Create and maintain task status documentation for various activities, including outlines, plans, process improvement plan, task timelines, risk registers, lessons learned, requirements documents, meeting agendas, meeting minutes, and others.

Salary Range: $110,000 - $135,000
General Description of Benefits

Required Skills

• Experience with Business Analysis Processes including Requirements Management and Documentation; Data Analysis and Management; and Data flow mapping.
  
• Experience with GRC tools (Required) like Service Now (Preferred)
  
• Experience supporting security assessments and reviewing related documents.
  
• Experience performing Certification and Accreditation (C&A) activities, including risk assessments, Security Plans, Security Controls Assessments (SCA), Certification and Accreditation documents.
• Experience with Dashboarding (preferred)
  
• Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
  
• Knowledge of policies, procedures, and standards of the Office of Management and Budget (OMB), the National Institute of Standards and Technology (NIST), and the OCC.

Desired Skills

• Strong written and verbal communication skills across all levels of management.
  
• Document and report requirements and deficiencies to both technical and non-technical audiences.
  
• Develop and implement information assurance/security standards and procedures.
  
• Experience writing technical papers documenting results of research, impact and/or risk analysis, recommendations, etc., on evolving threats, new technologies, approaches to address new federal mandates, etc.
  
• Experience developing and reviewing quality security assessment deliverables while ensuring the content of each deliverable is specific to the subject systems, complete, and accurate.
  
• Ability to analyze information system configurations and technical specifications against NIST SP 800-53 and other overlays.
  
• Have thorough understanding of NIST Risk Management Framework (RMF) and document OCC's RMF processes.
  
• Conduct reviews and updates of deliverables (compliance and assessment) to ensure quality, consistency, and accuracy with respect to technical editing.
  
• Track status of GRC tickets and requests
• Support end user/user acceptance testing of GRC changes
  
• Meet with the ESM team on OCC's RMF processes to assist with communicating requirements.
  
• Monitor, track, and update GRC ticket statrequests
  
• Create OCC specific SOPS and Job Aids

#ECS1

ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3800+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.