RRemotevilleRemote roles worth applying for.

How Remoteville checks and expires listings

Information Assurance Security Specialist

Skills
CybersecurityGovernanceRisk ManagementAnd ComplianceInformation AssuranceNISTRisk Management Framework
Role

What the job involves

The main requirements, responsibilities and hiring steps.

Day to day

  • Work as an information system security subject matter expert (SME) on FISMA NIST standards and guidelines Privacy Act HIPAA E-Gov OMB Circulars A-11 and A-130 and Clinger-Cohen for data and application security
  • Responsible for Assessment and Authorization (A&A) activities for Consular Affairs / Consular Systems and Technology (CA/CST) automated information systems (AIS)
  • Provide A&A support for domestic and oversea deployed systems as well as A&A activities on Cloud systems (IAAS SAAS and PAAS)
  • Track and report status of assigned A&A’s and report any obstacles impacting A&A completion to the A&A Task Lead and Program Manager (PM)
  • Ensure that A&A packages are submitted to IA and follow up to ensure IA approval of each phase prior to systems’ ATO expiration date
  • Analyze production system configuration change requests (CCR) of existing systems to determine security impact using the Security Impact Analysis (SIA) process and maintain security posture and authorization status
  • Support weekly or monthly meetings with Government Technical Monitors (GTMs) and developers
  • Schedule and facilitate boundary meetings RMF Step 1 Kick-off meetings System Categorization meetings and RMF 1-3 Working Groups
  • Gather required information to support system authorization by organizing technical working groups conducting fact-finding interviews attending system demos assessing system security categorization levels establishing system security control baseline and acting as a security advisor to the GTMs during security controls implementation
  • Draft and maintain project schedules for assigned systems through the RMF process
  • Develop update and maintain security application documentation such as Security Categorization Form (SCF) E-Authentication Form (eRA) System Security Plan (SSP)
  • Support development of security application documentation such as Information System Contingency Plan (ISCP) and Privacy Impact Assessment (PIA)
  • Complete data calls in a timely manner including Quarterly POA&M data calls
  • Review monitor and report POA&Ms status to relevant parties including PM ISSS GTM System GTM System Development Team and System Operation Teams
  • Provide guidance to System GTMs and developers on A&A process using NIST Special Publication (SP) 800 series and Department Foreign Affairs Manual (FAM) guidelines
  • Assist and advise System GTMs and developers in the design and development of secure systems architecture and industry best practices for AIS security requirements
  • Attend Agile security scrum meetings with stakeholders and provide feedback