FISMA Compliance Consultant @ Genzeon | Jobright.ai
JOBSarrow
RecommendedLiked
0
Applied
0
External
0
FISMA Compliance Consultant jobs in United States
83 applicants
company-logo

Genzeon ยท 2 days ago

FISMA Compliance Consultant

ftfMaximize your interview chances
Information TechnologyRobotics
check
Growth Opportunities
Hiring Manager
Tanushree Das
linkedin

Insider Connection @Genzeon

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Lead and conduct multi-level (application, database, operating system, middleware, monitoring tools, and business processes) security control assessments of systems based on predefined test objectives and test plans.
Coordinate, and track interviews with system owners, ISSOs, and administrators on operational, management, and technical processes.
Draft Security Control Assessment Plans (SCAP) to include the scope and methodology for testing.
Assist the assessment team obtaining, reviewing, and interpreting evidence provided to validate security controls are implemented properly and performing effectively.
Review the security controls in the information system and its environment of operation to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting established security requirements.
Collaborate on drafting a Security Assessment Report (SAR) that documents the results of the assessment.
Provide insight on NIST 800-53 technical controls during assessments.
Provide recommendations to system owners and information system security officers (ISSOs) for remediating identified vulnerabilities.
Write supporting documentation for security control assessment and other risk management processes and procedures.
Provide recommendations and review of FISMA assessment questions and appropriate remediation actions for our internal assessment documentation platform.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

FISMA ComplianceSecurity AssessmentAuthorizationNIST 800-53Vulnerability ManagementCloud-hosted applicationsWindowsLinux environmentsRisk managementDocumentation writingCFCP certification

Required

Minimum of three to five years of experience in both security control assessments, and Security Assessment and Authorization (SA&A) activities.
Strong knowledge of FISMA regulation, FIPS standards, NIST 800 series and other applicable guidance.
Knowledge of applicable laws and statutes.
Understanding of new and emerging IT and information security technologies.
Expert understanding of measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation.
In-depth knowledge, skills, and abilities needed to enforce Information Assurance and Cybersecurity requirements, apply Information System Security (INFOSEC) methodologies and facilitate SA&A as well as continuous monitoring activities, such as vulnerability scans and security control assessments.
Able to analyze and assess vulnerability scan outputs and provide feedback to CISO and system owner.
Able to analyze, assess, control, determine, mitigate and manage risk within a federal management framework or within federal interest computer systems that store, process, display or transmit Personally Identifiable Information (PII).
Experience performing security control assessments against a wide variety of systems including cloud-hosted applications (i.e., SaaS, PaaS, IaaS), web application, Windows and Linux environments, general support systems and Fedramp.
Experience writing documentation of security assessment results.
Experience providing recommendations to system owners and ISSOs for remediating vulnerabilities.
Experience with vulnerability assessment and reporting including comprehensive understanding of Vulnerability Management methodologies and procedures.
Strong technical, analytical, and interpersonal skills.
Ability to work in a team-oriented environment.

Preferred

CFCP or similar industry certification is strongly preferred.

Company

Genzeon

twittertwittertwitter
company-logo
Genzeon advances highly effective, secure, and innovative technology solutions for healthcare and retail clients, including intelligent automation, security, compliance, and cloud services.

Funding

Current Stage
Late Stage

Leadership Team

leader-logo
Vikram Pendli
Chief Technology Officer
linkedin
Company data provided by crunchbase
logo

Orion

Your AI Copilot