Security, RMF Lead

🕒 13 days ago

🇺🇸 United States – Remote

⏰ Full Time

🟠 Senior

👮‍♂️ Cybersecurity / Security Engineer

🗣️🇺🇸🇬🇧 English required


Essnova Solutions, Inc.

11 - 50 employees

Founded in 2005

🏛️ Government

🔒 Cybersecurity

🤖 Artificial Intelligence

Government • Cybersecurity • Artificial Intelligence

Essnova Solutions, Inc. is a technology and professional services company that provides IT solutions, value-added reseller (VAR/ITVAR) services, geospatial and environmental solutions, staff augmentation and healthcare support, and digital citizen and customer experience services to federal, state, and local government, education, commercial, and healthcare clients. The company is an 8(a) and HUBZone certified small business with multiple GSA contract vehicles and focuses on cloud migration, big data and AI, information and cybersecurity, program and project management, and end-to-end technology implementation and support.

Description

• Maintain System Security Plans (SSPs) as living documents for all NCHS systems, ensuring timely updates after security-impacting changes.
• Manage Plan of Action & Milestones (POA&Ms) with quarterly progress reviews, closure evidence, and remediation tracking.
• Remediate vulnerabilities within mandated timelines, track findings through closure, and provide retesting evidence.
• Prepare Authorization to Operate (ATO) packages—including SSPs, POA&M status, assessment results, and risk analysis—for Authorizing Official review.
• Conduct annual security assessments of one-third-plus-key-controls using CSAM or equivalent tools.
• Submit monthly authenticated vulnerability and application scan results by the fifth business day.
• Coordinate among developers, system owners, and security staff, and liaise with CDC CSPO, NCHS SSPO, and CDC Enterprise Architects.
• Follow CDC CSPO Change Management SOP, including security impact analysis for post-ATO changes.
• Support implementation of the Risk Management Framework (RMF), FISMA compliance, and OMB directives.
• Produce security-related EPLC artifacts for governance and stage-gate reviews.
• Lead SSP development during the 30-day transition-in activation sequence and support SSP submission within 30 days of contract award.
• Support PTA/PIA activities with CDC privacy officials.

🎯 Requirements

• Bachelor's degree in cybersecurity, information assurance, computer science, or a related field
• 6+ years of federal information security experience applying NIST RMF (NIST SP 800-37)
• Experience developing and maintaining SSPs, POA&Ms, and ATO packages for FIPS 199 Moderate or higher systems
• Experience using vulnerability scanning results to track remediation to closure (including retesting evidence) in a federal environment
• Hands-on experience with federal security management tools (CSAM and eMASS)
• Working knowledge of NIST SP 800-53 Rev. 5 and NIST SP 800-53A
• Knowledge of FISMA 2014 reporting and OMB security directives
• Knowledge of Privacy Act and E-Government Act privacy provisions, including PTA/PIA processes
• Experience coordinating with federal ISSOs/CISOs and security authorization officials
• Active Tier 4 / High Risk / Public Trust Level 6+ clearance at proposal submission
• Eligibility for HSPD-12/PIV
• Availability to work during Eastern Time (ET) business hours

🏖️ Benefits

• Medical, dental, and vision insurance
• 401(k) with company match
• Paid time off + federal holidays
• Fast-track growth in a high-accountability culture
