• Develop and coordinate all authorization documentation associated including the Systems Categorization, Systems Security Plan, and Security Assessment Report.
• Support security control assessments, reporting, and monitoring processes utilizing standard governance, risk, and compliance (GRC) tool.
• Coordinate, track, and report status and concerns related to Plan of Action and Milestones (POA&Ms) and Risk Acceptance Forms (RAFs).
• Support and document security controls tests, coordinate remediation, and ensure POA&Ms are appropriately managed.
• Review existing SA&A documentation, System Security Plan (SSP), Security Assessment Report (SAR), and other supporting artifacts.
• Assess and document compliance with NIST 800-53, Security and Privacy Controls.
• Acting as the primary point of contact for all information security matters, inquiries, and management reporting pertaining to the information system including FISMA reports, security control assessments and authorization, and audits.
• Ensuring that a system security plan is completed and kept current and in compliance with Department’s standards.
• Ensuring the information system receives and maintains a valid authority to operate (ATO) at all times.
• Ensure compliance with federal regulations and privacy laws.
• Remaining current on the duties pertaining to the roles and responsibilities of an ISSO.

Minimum/General Experience:

• Three (3) years of experience or more assessing and documenting FISMA/FedRAMP security control assessment for system(s), infrastructure(s) and/or applications (on-premises and/or cloud) in compliance NIST SP 800-53 security controls and SP 800-171 Risk Management Framework (RMF) processes.

Preferred Additional Skills:

• One (1) year experience or more configuring, performing, scheduling, reviewing, and assessing vulnerability (i.e., patches, updates, etc.) and compliance (i.e., Security Content Automation Protocol (SCAP) and/or Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) scans for enterprise endpoint devices to ensure patch and configuration compliance.
• Technical background that will assist in complying with the NIST SP 800-53 security controls and gather evidence to support compliance.
• Bachelor's Degree in Computer Science, Software Engineering or equivalent STEM field and 10+ years’ experience related to systems engineering, implementation, and monitoring.
• Allowable Substitution for bachelor’s degree is 7 years of relevant experience
• Must be able to obtain and maintain an active Public Trust 6C clearance

Preferred Certifications:

• CISSP
• CAP
• Security+
• CEH