64 applicants

Company

3 Reasons Consulting, LLC · 5 hours ago

Cybersecurity RMF ISSO

United States

Full-time

Remote

Mid Level

4+ years exp

Maximize your interview chances

Cyber SecurityHealth Care

No H1B

Security Clearance Required

Insider Connection @3 Reasons Consulting, LLC

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Facilitate movement of multiple information systems through the RMF process and maintain accreditations through continuous monitoring and annual reviews

Provide solutions to complex problems that require the regular use of expertise and creativity. Problems are broadly defined and solutions require the continuation of specialized theories and knowledge

Serve as the Subject Matter Expert (SME) on one or more technologies/skills related to A&A activities

Conduct risk and vulnerability assessments of information systems to identify vulnerabilities, risks, and protection needs using DISA SCAP Compliance Checker and ACAS in conjunction with hands on manual STIG assessment as necessary

Actively lead and participate in regular A&A status meetings with government and contract personnel to facilitate progress and address potential issues of RMF system efforts

Participate in sessions aimed at identifying, planning, and executing strategies in response to emerging cybersecurity/RMF policies

Maintain awareness and knowledge of evolving security and risk management standards and communicate and apply relevant change to existing processes

Develop, update, and/or review RMF documentation to include Security Plans, Implementation Plans, Plans of Action and Milestones (POA&Ms), and Risk Assessment Reports

Assess system compliance against NIST and DoD security requirements to include the NIST 800-53 controls and DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs)

Produce evidence as necessary to support compliance status of NIST and DoD security requirements

Work with system administrators, engineers, and ISSM to create or update system/site policies, procedures, and process guides

Coordinate with other system SMEs to identify and develop authorization boundary diagrams, architecture diagrams, and hardware and software inventories

Analyze vulnerability scans of information systems and assist in remediation tasks

Lead or attend meetings with stakeholders to discuss statuses of efforts

Submit weekly reports to leadership regarding system/program status

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

CybersecurityRisk Management Framework (RMF)DoD 8570 complianceNIST 800-53DISA STIGsACASHBSSEMASSWindowsLinux/UnixMedical devicesDatabases – MS SQLOracleVMWareCustomer service skills

Required

BS degree and four (4+) years of experience with Cybersecurity/Information Technology.

DoD 8570-compliant (CompTIA Security+ certified)

Demonstrated experience with Risk Management Framework (experience under DHA a plus)

Demonstrated efficiency and experience in RMF package development, including POA&Ms (mitigation statements), Security Plans, Risk Assessments, system/site policies, procedures, and processes, architecture diagrams, and hardware/software inventories

Familiarity and experience with the DoD tool eMASS

Familiarity with NIST publications

Experience in assessing systems using NIST 800-53 and/or DISA STIGs and SRGs

Excellent customer service and organization skills

Excellent oral and written communication skills

Active DoD Secret security clearance

Preferred

Experience with Assured Compliance Assessment Solution (ACAS) and Host Based Security System (HBSS)

Experience in RMF policy development, process improvement, and strategy implementation

Knowledge in Continuous Monitoring and Risk Scoring (CMRS)

Knowledge in one or more of the following technologies: Medical devices, Windows, Linux/Unix, Network Devices, Databases – MS SQL, Oracle, VMWare – Virtualization