Security, RMF Lead

🕒 Maio 27

Candidatar-se

Encontrar Vagas Remotas Similares

Receber Emails de Vagas Remotas

📊 Verifique sua pontuação de currículo para esta vaga

Melhore suas chances de conseguir uma entrevista verificando sua pontuação de currículo antes de se candidatar.

Enviar Currículo

Essnova Solutions, Inc.

SiteLinkedInTodas as Vagas

11 - 50 funcionários

Fundada em 2005

🏛️ Governo

🔒 Cibersegurança

🤖 Inteligência Artificial

Government • Cybersecurity • Artificial Intelligence

A Essnova Solutions, Inc. é uma empresa de tecnologia e serviços profissionais que oferece soluções de TI, serviços de revenda com valor agregado (VAR/ITVAR), soluções geoespaciais e ambientais, aumento de equipe e suporte a saúde, além de serviços de experiência digital do cidadão/cliente para governos federais, estaduais e locais, educação, clientes comerciais e de saúde. A empresa é uma pequena empresa certificada 8(a) e HUBZone com diversos contratos GSA, e foca em migração para a nuvem, big data e IA, informação e cibersegurança, gestão de programas e projetos, e implementação e suporte de tecnologia de ponta a ponta.

Descrição

• Maintain System Security Plans (SSPs) as living documents for all NCHS systems, ensuring timely updates after security-impacting changes. • Manage Plan of Action & Milestones (POA&Ms) with quarterly progress reviews, closure evidence, and remediation tracking. • Remediate vulnerabilities within mandated timelines, track findings through closure, and provide retesting evidence. • Prepare Authorization to Operate (ATO) packages—including SSPs, POA&M status, assessment results, and risk analysis—for Authorizing Official review. • Conduct annual security assessments of one-third-plus-key-controls using CSAM or equivalent tools. • Submit monthly authenticated vulnerability and application scan results by the fifth business day. • Coordinate among developers, system owners, and security staff, and liaise with CDC CSPO, NCHS SSPO, and CDC Enterprise Architects. • Follow CDC CSPO Change Management SOP, including security impact analysis for post-ATO changes. • Support implementation of the Risk Management Framework (RMF), FISMA compliance, and OMB directives. • Produce security-related EPLC artifacts for governance and stage-gate reviews. • Lead SSP development during the 30-day transition-in activation sequence and support SSP submission within 30 days of contract award. • Support PTA/PIA activities with CDC privacy officials.

🎯 Requisitos

• Bachelor's degree in cybersecurity, information assurance, computer science, or a related field • 6+ years of federal information security experience applying NIST RMF (NIST SP 800-37) • Experience developing and maintaining SSPs, POA&Ms, and ATO packages for FIPS 199 Moderate or higher systems • Experience using vulnerability scanning results to track remediation to closure (including retesting evidence) in a federal environment • Hands-on experience with federal security management tools (CSAM and eMASS) • Working knowledge of NIST SP 800-53 Rev. 5 and NIST SP 800-53A • Knowledge of FISMA 2014 reporting and OMB security directives • Knowledge of Privacy Act and E-Government Act privacy provisions, including PTA/PIA processes • Experience coordinating with federal ISSOs/CISOs and security authorization officials • Active Tier 4 / High Risk / Public Trust Level 6+ clearance at proposal submission • Eligibility for HSPD-12/PIV • Availability to work during Eastern Time (ET) business hours

🏖️ Benefícios

• Medical, dental, and vision insurance • 401(k) with company match • Paid time off + federal holidays • Fast-track growth in a high-accountability culture