Information Security Engineer Security Assessments & Authorization (A&A) Project Lead

28 Jan 2024
District of Columbia, Washington, 20223 Washington USA

Vacancy expired!

Information Security Engineer – Security Assessments & Authorization (A&A) Project Lead

Location: Other/Client Site - USSS Headquarters, 950 H Street NW, Washington, D.C. 20223 and other facilities located within the Washington D.C. Metropolitan area. Largely remote during COVID.

Department: U.S. Secret Service (USSS) Enterprise Cybersecurity Services (ECS)

Type: Full Time

Minimum Experience: Experienced

Security Clearance Level Required: DHS Suitability Required
The clearance level stated above must be met for consideration for this specific opportunity. Unfortunately, FTC is unable to sponsor at this time.

Military Veterans and individuals with disabilities are encouraged to apply!

Favor TechConsulting, LLC (FTC) is seeking a talented Information Security Engineer – Security Assessments & Authorization (A&A) Project Lead with extensive government experience.

Essential Duties & Responsibilities

Role Overview:
Organize, manage, and lead the A&A Project Team activities for all systems and applications assigned by the USSS CISO and ISSOs.

Responsibilities:
  • Work closely with the Chief Information Security Officer (CISO) and Deputy CISO to provide guidance and oversight for all requested initiatives. ISSOs shall provide timely and detailed responses to all data calls.
  • Lead project discussions in support of the Information Systems Business Owner (ISBO).
  • Coordinate with and brief Government staff on all activities pertaining to each IT system as requested.
  • Develop a detailed project schedule, listing each SAA/SCA task and milestone, task dependencies, and personnel resources for all systems of responsibility.
  • Maintain the Security Authorization or Authorization to Operate (ATO) of their assigned system.
  • Track the Security Authorization of all assigned systems.
  • Continuously update all security authorization documentation as required by the USSS’s Security and A&A guidelines to achieve Authority to Operate (ATO).
  • Provide advisement to stakeholders to assign resources and establish timelines to ensure the successful Security Authorization of a system.
  • Maintain all required documentation to maintain their assigned system’s ATO or system go-live dates.
  • Conduct the initial Security Assessment and obtain ATO, in line with NIST SP 800-37 Rev. 2 and the USSS Security Assessment and Authorization Guidance.
  • Determine the baseline IT Security Requirements for IT Systems by identifying the system boundary, determining the system and information categories, and assisting in completing the FIPS 199.
  • Document all relevant NIST 800-53 (continuously current version) and USSS’s (continuously current version) Security Controls and/or applicable departmental policies for each IT system the ISSO is responsible for in the Security Plan.
  • Draft a Security Package and perform any modifications throughout the lifecycle of the IT system.
  • Work closely with the Information System Business Owner (ISBO) to identify any additional controls that are applicable to the system to maintain a favorable security posture.
  • Perform and document initial and annual risk assessments of all systems (e.g. General Support Systems (GSSs), Major Applications (MAJ), Sub-systems (SUB), Minor Applications (MIN), or Low Impact Externally Hosted), and their interconnections.
  • Develop and document all supporting Security A&A artifacts, as applicable, such as:
    • Privacy Threshold Assessment (PTA)/Privacy Impact Analysis (PIA);
    • System Security Plan (SP);
    • IT Contingency Plan (ITCP);
    • Business Impact Assessment (BIA);
    • Configuration Management Plan (CMP); and
    • Memorandum of Understanding (MOU) / Interconnection Security Agreement (ISA).
  • Develop Security Assessment Report (SAR), when applicable, for the Information System Business Owner (ISBO) and AO briefings.
  • Produce the Security Authorization package for Authorizing Official (AO) signature, including the Authorization to Operate (ATO) letter.
  • Provide oversight and advisement on all proposed change requests on an IT System as it pertains to the potential change to the existing Controls Assessment.
  • Work with auditors to identify Key Controls which must be assessed on a recurring annual basis.
  • Generate Plan of Actions & Milestones (POA&Ms) for each non-compliant control for each managed IT System. Proper documentation shall be filed and updated as required.
  • Manage all applicable POA&Ms throughout the lifecycle of the IT system. This includes but is not limited to the drafting of well-documented waivers and exceptions detailing the potential risk to the Authorizing Official (AO).
  • Track and report security requirements throughout the project life cycle of all projects that are within the accreditation boundary of their assigned system.
  • Provide support for all Office of the Inspector General (OIG) and Government Accountability Office (GAO) and other external audit activities.

Required Skills & Experience
  • Minimum of five (5) years of expertise in leading Information Technology (IT) or IT Security teams, projects, or programs
  • Demonstrated experience/knowledge in the following areas:
    • NIST Cybersecurity Framework
    • NIST Risk Management Framework
    • DHS 4300A
    • FedRAMP
    • FISMA
  • Possess a current industry-standard cybersecurity certification (e.g. Certified Information System Security Professional (CISSP), Certified Information Security Manager (CISM))

Professional Certification(s):
N/A

Formal Education:
N/A

Years of Professional Experience:
N/A

Desired Skills & Experience

  • In-depth skill and experience managing systems security packages (SSPs) in Governance, Risk, and Compliance (GRC) tools: CSAM, eMASS, RiskVision, Archer

Professional Certification(s):
N/A

Formal Education:
N/A

Years of Professional Experience:
N/A

Physical Requirements
  • U.S. Citizenship

Additional Information:
FTC requires all employees to be fully vaccinated as a condition of employment unless legally entitled to an accommodation. If you receive an offer of employment, it will be made contingent upon satisfaction of this requirement, and you will be required to show proof that you are fully vaccinated or to promptly engage in an interactive process to allow Human Resources to evaluate potential reasonable accommodations for valid medical or religious reasons. Please do not provide information about whether you are seeking an exemption from the vaccination requirement unless and until you receive a conditional offer of employment from FTC.
U.S. Citizenship is required for this specific opportunity, and all selected applicants will be subject to a government security investigation. This includes, but is not limited to, meeting the eligibility requirements for access to classified information and the ability to obtain a government-granted security clearance. Individuals may also be subject to a background investigation including, but not limited to, criminal history, employment verification, education verification, drug testing, and creditworthiness.
Favor TechConsulting is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, marital status, disability, veteran status, sexual orientation, or genetic information.
