Genzeon · 2 days ago
FISMA Compliance Consultant
Responsibilities
Lead and conduct multi-level (application, database, operating system, middleware, monitoring tools, and business processes) security control assessments of systems based on predefined test objectives and test plans.
Coordinate and track interviews with system owners, ISSOs, and administrators on operational, management, and technical processes.
Draft Security Control Assessment Plans (SCAP) to include the scope and methodology for testing.
Assist the assessment team in obtaining, reviewing, and interpreting the evidence provided to validate that security controls are implemented properly and performing effectively.
Review the security controls in the information system and its environment of operation to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting established security requirements.
Collaborate on drafting a Security Assessment Report (SAR) that documents the results of the assessment.
Provide insight on NIST 800-53 technical controls during assessments.
Provide recommendations to system owners and information system security officers (ISSOs) for remediating identified vulnerabilities.
Write supporting documentation for security control assessment and other risk management processes and procedures.
Provide recommendations and review of FISMA assessment questions and appropriate remediation actions for our internal assessment documentation platform.
Qualification
Required
Minimum of three to five years of experience in both security control assessments and Security Assessment and Authorization (SA&A) activities.
Strong knowledge of FISMA regulation, FIPS standards, NIST 800 series and other applicable guidance.
Knowledge of applicable laws and statutes.
Understanding of new and emerging IT and information security technologies.
Expert understanding of measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation.
In-depth knowledge, skills, and abilities needed to enforce Information Assurance and Cybersecurity requirements, apply Information System Security (INFOSEC) methodologies and facilitate SA&A as well as continuous monitoring activities, such as vulnerability scans and security control assessments.
Able to analyze and assess vulnerability scan outputs and provide feedback to CISO and system owner.
Able to analyze, assess, control, determine, mitigate, and manage risk within a federal risk management framework or within federal interest computer systems that store, process, display, or transmit Personally Identifiable Information (PII).
Experience performing security control assessments against a wide variety of systems, including cloud-hosted applications (e.g., SaaS, PaaS, IaaS), web applications, Windows and Linux environments, general support systems, and FedRAMP-authorized cloud services.
Experience writing documentation of security assessment results.
Experience providing recommendations to system owners and ISSOs for remediating vulnerabilities.
Experience with vulnerability assessment and reporting including comprehensive understanding of Vulnerability Management methodologies and procedures.
Strong technical, analytical, and interpersonal skills.
Ability to work in a team-oriented environment.
Preferred
CFCP or similar industry certification is strongly preferred.
Company
Genzeon
Genzeon advances highly effective, secure, and innovative technology solutions for healthcare and retail clients, including intelligent automation, security, compliance, and cloud services.