Security, RMF Lead

🕒 vor 19 Tagen

Jetzt Bewerben

Ähnliche Remote-Jobs finden

E-Mails für Remote-Jobs erhalten

📊 Überprüfen Sie Ihre Lebenslauf-Bewertung für diese Stelle

Verbessern Sie Ihre Chancen auf ein Vorstellungsgespräch, indem Sie Ihre Lebenslauf-Bewertung vor der Bewerbung überprüfen.

Lebenslauf hochladen

Essnova Solutions, Inc.

WebsiteLinkedInAlle Stellen

11 - 50 Mitarbeiter

Gegründet 2005

🏛️ Regierung

🔒 Cybersecurity

🤖 Künstliche Intelligenz

Government • Cybersecurity • Artificial Intelligence

Essnova Solutions, Inc. ist ein Technologie- und Beratungsunternehmen, das IT-Lösungen, Mehrwert-Reseller-Dienste (VAR/ITVAR), geospatiale und umwelttechnische Lösungen, Personalverstärkung sowie Unterstützung im Gesundheitswesen und digitale Bürger- und Kundenerfahrungsdienste für Bundes-, Landes- und Kommunalbehörden, Bildungsinstitutionen, Gewerbe- und Gesundheitskunden bietet. Das Unternehmen ist ein zertifiziertes 8(a) und HUBZone Kleinunternehmen mit mehreren GSA-Vertragsfahrzeugen und konzentriert sich auf Cloud-Migration, Big Data und KI, Informations- und Cybersicherheit, Programm- und Projektmanagement sowie die vollständige Implementierung und den Support von Technologien.

Beschreibung

• Maintain System Security Plans (SSPs) as living documents for all NCHS systems, ensuring timely updates after security-impacting changes. • Manage Plan of Action & Milestones (POA&Ms) with quarterly progress reviews, closure evidence, and remediation tracking. • Remediate vulnerabilities within mandated timelines, track findings through closure, and provide retesting evidence. • Prepare Authorization to Operate (ATO) packages—including SSPs, POA&M status, assessment results, and risk analysis—for Authorizing Official review. • Conduct annual security assessments of one-third-plus-key-controls using CSAM or equivalent tools. • Submit monthly authenticated vulnerability and application scan results by the fifth business day. • Coordinate among developers, system owners, and security staff, and liaise with CDC CSPO, NCHS SSPO, and CDC Enterprise Architects. • Follow CDC CSPO Change Management SOP, including security impact analysis for post-ATO changes. • Support implementation of the Risk Management Framework (RMF), FISMA compliance, and OMB directives. • Produce security-related EPLC artifacts for governance and stage-gate reviews. • Lead SSP development during the 30-day transition-in activation sequence and support SSP submission within 30 days of contract award. • Support PTA/PIA activities with CDC privacy officials.

🎯 Anforderungen

• Bachelor's degree in cybersecurity, information assurance, computer science, or a related field • 6+ years of federal information security experience applying NIST RMF (NIST SP 800-37) • Experience developing and maintaining SSPs, POA&Ms, and ATO packages for FIPS 199 Moderate or higher systems • Experience using vulnerability scanning results to track remediation to closure (including retesting evidence) in a federal environment • Hands-on experience with federal security management tools (CSAM and eMASS) • Working knowledge of NIST SP 800-53 Rev. 5 and NIST SP 800-53A • Knowledge of FISMA 2014 reporting and OMB security directives • Knowledge of Privacy Act and E-Government Act privacy provisions, including PTA/PIA processes • Experience coordinating with federal ISSOs/CISOs and security authorization officials • Active Tier 4 / High Risk / Public Trust Level 6+ clearance at proposal submission • Eligibility for HSPD-12/PIV • Availability to work during Eastern Time (ET) business hours

🏖️ Vorteile

• Medical, dental, and vision insurance • 401(k) with company match • Paid time off + federal holidays • Fast-track growth in a high-accountability culture