Security Control Assessor, Lead - Washington, United States - Bering Straits Native Corporation (BSNC)
&v=024){kind=logo}
Description
Overview:
SUMMARY
Bering Global Solutions, LLC, a subsidiary of Bering Straits Native Corporation is currently seeking a qualified Security Control Assessor, Lead for a government client in Washington, DC.
The selected individual will guide system owners, designated IT security personnel in the program offices, and other staff in fulfilling Federal Information Security Management Act (FISMA) requirements.
The Security Control Assessor, Lead works to analyze, plan, and execute the work necessary to ensure the confidentiality, integrity and availability of the federal client's IT systems, network, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures and tools.
Responsibilities:
ESSENTIAL DUTIES & RESPONSIBILITIES
- The Essential Duties and Responsibilities are intended to present a descriptive list of the range of duties performed for this position and are _not_ intended to reflect all duties performed within the job. Other duties may be assigned. _
- Plan, develop, review and maintain baselines for client's information system to such as, System Security Plans, Software & Hardware Boundaries Documents and Diagrams, Control Implementation Matrix, Inheritance and Overlay Memos, Security Assessment and Authorization artifacts and ATO packages.
- Lead and facilitate meetings with system owners, executive management, staff, and contract partners and technical personnel to provide IT security guidance, define system boundaries, and establish and maintain information security standards and procedures in compliance with information security and risk management policies, standards, and guidelines.
- Plan, develop, and conduct vulnerability and compliance scans, contingency plan testing, and risk assessment on client's information systems. Analyze results to identify and mitigate risk to IT systems, identify training opportunities, and update and improve information systems documentation in accordance with client's IT security policies and System Security Plan (SSP).
- Participate in internal and external reviews, inspections, Security Assessments and Authorizations and audits to ensure compliance with federal laws, client's security policy as well as FISMA and NIST requirements.
- Provide expert security advice to system development organizations to ensure adequate security controls are included in each system lifecycle phase.
- Lead remediation efforts when security controls are insufficient, weaknesses are identified in network security configurations, and vulnerabilities deviate from client's security policy or federal guidelines by recommending corrective actions to mitigate identified deficiencies and developing POAMs.
- Review and analyze information system audit records for unusual or potentially unauthorized activity. Conduct investigations into activities which are in violation of system and organization security policies.
- Incorporate organizational continuous monitoring solutions into information system operations. Ensure compliance with client's continuous monitoring policies and procedures.
Qualifications:
QUALIFICATIONS - EXPERIENCE, EDUCATION AND CERTIFICATION
- To perform this job successfully, an individual must be able to satisfactorily perform each essential duty. The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions._
Required (Minimum) Qualifications
- Basiclevel understanding of basic computer and networking technologies:
- TCP/IP stack
- Windows operating systems
- Linux/Unixbased operating systems
- Networking technologies (routing, switching, VLANs, subnets, firewalls)
- Common networking protocols
- SSH, SMB, SMTP, FTP/SFTP, HTTP/HTTPS, DNS, etc
- Common enterprise technologies
- Active Directory, Group Policy, VMware vSphere
- Moderatelevel understanding of IT security principles, technologies, best practices, and NIST guidance
- Logical Access Control
- PKI and other encryption method
- DISA STIG Security configuration baselines
- Auditing
- Vulnerability discovery and management
- NIST SP rev. 4 control
Must be Certified Information Systems Security Professional (CISSP) Certified:
- Excellent communications skills. Ability to communicate with senior management and federal client staff
- both technical and non-technical
- in a clear and concise manner using proper spelling, punctuation and grammar.
- Mastery of federal IT security laws such as the Federal Information Security Management Act (FISMA), policies, regulations, requirements, Executive Orders and Presidential Decision Directives such as EO 13556, HSPD12, OMB Memos M0616, and M0716; NIST 800 series, the federal IT security and incident reporting hierarchy.
- Knowledge and experience in categorizing systems per
More jobs from Bering Straits Native Corporation (BSNC)
-
Executive Operations Coordinator
Washington, United States - 3 days ago
-
Quality Control Manager
Denver, United States - 3 weeks ago
-
Executive Administrative Assistant
Washington, United States - 2 weeks ago
-
Cyber Threat Intelligence Analyst
Washington, United States - 2 weeks ago
-
Office Assistant
Nome, United States - 3 weeks ago
-
Construction Inspector
Santa Fe, United States - 1 week ago