SC-10226-1
Daily duties / responsibilities:
This implementation assistance would include, but is not limited to:
- Reviewing assessment findings and deficiencies for accuracy, completeness, and validity
- developing and tracking finding remediation plans and recommendations for risk management alternatives
- providing process improvement recommendations and documentation to support the process improvements
- documenting information gathered during both interviews and document reviews to assist with developing formal process and procedures
- assessing agency documentation to ensure adequate approaches are used to comply with controls
- facilitating agency status reporting
- collaborating, often onsite at agency locations, with agencies to provide recommendations for compliance
Security Architect: Required skills:
- Have conducted audit and assessment activities related to industry or government compliance requirements
- have completed an information security plan or system security plan workbook
- prior experience working with FISMA standards
- must have a strong working knowledge of NIST 800-53
- prior experience with POA&M or CAP
- strong communication (written and verbal) experience
- experience with GRC processes
- simultaneously manage multiple infosec work efforts
- strong schedule management and resource planning skills
- ability to work at a high volume and fast pace
- strong collaborator and strong ability to meet deadlines
- knowledge of IRS 1075, HIPAA, CJIS, MARS-E, and/or PCI-DSS
- ability to identify, map, and reengineer business processes
Required education/certifications:
- 6+ years of experience in information security and compliance
- certifications: CISA or CISSP or CISM or GSLC or equivalent