Apply on Employer Site

Maximus · 6 hours ago

Lead Analyst - ISSO

United States

Full-time

Remote

Senior Level, Lead/Staff

$90K/yr - $130K/yr

7+ years exp

Maximus is seeking a Lead Analyst (ISSO) to work directly with the ISO Federal Director to manage the implementation of security policies and procedures for federal requirements. The role involves oversight of FedRAMP Moderate controls, risk assessments, and ensuring compliance with various security standards.

Business Process Automation (BPA)ConsultingEducationGovernmentGovTechHealth CareInformation Technology

No H1B

Security Clearance Required

Responsibilities

Responsible for ensuring information security for an assigned area of Business/Project focusing on key areas of risk, as outlined in the Information Security policy, under the direction of the Information Security management team

Conduct Information Security risk assessments and compliance evaluations for infrastructure and application assets within required timeframes and to industry standards and regulatory specifications

Ensure controls are properly and fully implemented to address identified Information Security risks for assigned area of responsibility

Define, create and maintain the documentation for certification and accreditation of each information system in accordance with regulatory requirements

Lead and support audits and client reviews of security posture; coordinate the collection, review and submission of Information Security deliverables and track the remediation of audit findings and exceptions

Manage expectations with multiple stakeholders on projects and programs in conjunction with the Information Security team

Promotion of Information Security awareness through various communication channels within the organization

Collaborate with the Information Security team members on process improvements, secure design and recertification of MAXIMUS assets

Create and manage System Security Plan and creation and or validation of all associated artifacts required to maintain FedRAMP ATO and NIST 800-53 compliance to include but not limited to a System Level Continuous Monitoring (SLCM) Strategy, HW/SW lists, Information Flow Diagrams, System Categorization Forms, System Topologies, Configuration Management Plan, Configuration Control Board (CCB) Charter, System and Services Acquisition Plan, System and Information Integrity Plan, System and Communication Protection Plan, Security Assessment and Authorization Plan, Risk Assessment Plan, Program Management Plan, Security Planning, Physical and Environmental Protection Plan, Personnel Security Plan, Media Protection Plan, Identification and Authentication Plan, Contingency Plan, Audit and Accountability Plan, Security Awareness and Training Plan, Incident Response Plan, Access Control Plan, SCRM Plan, Risk Assessment Review (RAR) and Plan of Action and Milestone (POA&M). (50%)

Liaison with Maximus Federal business units, Maximus Corporate business units, system owner, and external stakeholders to ensure all legal and contractual requirements pertaining to cybersecurity, physical security, and Information Assurance are being met. (20%)

Communicate federal requirements to Maximus Information Security Office (ISO) and advise implementation of applicable security controls and hardening standards to governance and technical teams. (10%)

Assist the BISO and ISO Team in the identification and assignment of control owners throughout the organization and continually review controls on organizationally defined periodicities. (10%)

Actively collaborate with Maximus Threat and Vulnerability Management (TVM) Team to ensure applicable technologies are compliant with defined vulnerability remediation timelines and hardening standards via enterprise vulnerability management tools. (10%)

Qualification

FedRAMP complianceNIST 800-53System Security Plan (SSP)FISMA complianceVulnerability managementGSA RMFA&ACustomer serviceMicrosoft OfficeInterpersonal skillsPresentation skillsVerbal communicationWritten communication

Required

Bachelor's degree and 7+ years of relevant professional experience required, or equivalent combination of education and experience

Bachelor's Degree in Computer Science or related field or the equivalent combination of education, training, or work experience

7+ of security or technology related experience

Strong understanding of federal requirements to include but not limited to applicable Executive Orders, FedRAMP, FISMA, FIPS, NIST 800-53, NIST 800-60, and NIST 800-65

Experience developing SSP's and applicable artifacts required for A&A activities

Works on complex issues where analysis of situations or data requires an in-depth evaluation of variable factors

Exercises judgement in selecting methods, techniques, and evaluation criteria for obtaining results

Networks with key contacts outside own area of expertise

Develops solutions to a variety of complex problems

Work requires considerable judgment and initiative

Ability to communicate technical information in understandable business terms

Excellent interpersonal skills, presentation skills, and verbal / written communication skills

Strong customer service abilities required

Ability to work collaboratively with a broad range of staff

Skilled in Microsoft Office software including Word, Excel, and PowerPoint

Ability to perform comfortably in a fast-paced, deadline-oriented work environment