Information Assurance SME

Company: Gridiron IT
Location: Arlington
Posted on: March 16, 2023

Job Description:

GridIron IT is seeking a Policy Information Assurance SME to support a DEA contract in Arlington, VA. Work Arrangement: Hybrid - 2 days a week.

Responsibilities:

• Provide expert advice on all IT Security related areas to include:
• Developing IT Security policies, standards, guidelines, and procedures.
• Ensuring the confidentiality, integrity and availability of information and systems.
• Planning, coordinating, and ensuring successful completion of internal and external IT system security/policy audits.
• Supporting the Department's Cyber Security Assessment and Management (CSAM) system.
• Developing, maintaining, and managing the Plan of Action and Milestone (POA&M) reporting.
• Developing an enterprise risk management framework.
• Establishing an Enterprise Continuous Monitoring Program.
• Shall develop and maintain IT security education awareness and training. Requirements:
  • Federal IT security experience including: FISMA compliance, NIST SP 800 publications
  • Secure IT configuration experienceFDCC, USGCB, CIS benchmarks
  • IT security policy and governance experience - OMB A-130
  • Federal Enterprise Architecture experienceFICAM, CIO Council guidance
  • Certification and Accreditation experience - NIACAP, DIACAP
  • Applicable C&A documentation experience (SSAA, MOU/MOA, SSPs, PIAs, CONOPS, IT system lifecycle documentation, POAM tracking)
  • Security and privacy control assessment experienceNIST 800-53 Rev 4
  • IT risk assessment experience
  • IT security documentation experiencedevelopment of IT security related documents, configuration management plans, system design, logical architecture diagrams
  • IT security vulnerability assessmentvulnerability tool experience
  • Continuous monitoringIT organizational assets visibility, threat awareness, and security control review
  • Incident response experienceIncident response and reporting, IRP development
  • Information system contingency planning experiencecontingency response, planning and reporting
  • Security incident experiencepolicy and procedures for reporting and responding to security incidents
  • Contingency plans to ensure continuity of operations in the face of a disaster
  • Solid knowledge of information security principles and best practices
  • Work directly with internal IT and policy teams to establish and enforce IT security best practices and IT security controls
  • Information security policy and procedure development
  • Experience with IT security best practices of intranet and internet solutions
  • Experience with managing IDS systems and SIEM solutions.
  • Must be a US Citizen.Be able to pass a DEA suitability background check. Education/Experience:
    • Master of Science degree (MS) with at least eight (8) years of technical experience, with six of those years' experience in a specialty discipline at the senior level is preferred.
    • Three plus years' experience in configuration and using various security and network application scanning tools is required.
    • Must be a Certified Information Systems Security Professional (CISSP) or a Certified FISMA Compliance Practitioner.
    • Must have familiarity with government regulations, laws, National Institute of Standards and Technology guidance, and Office of Management and Budget mandates for IT Security.

Keywords: Gridiron IT, Arlington , Information Assurance SME, Other , Arlington, Virginia