Centurion is hiring a RMF Analyst to support one of our clients out of the Washington, DC area. This position will require the individual to work onsite 3 days a week in DC.
KEY RESPONSIBILITIES:
- Serve as the principal advisor to the information system owner (SO), Information Systems Security Manager (ISSM), Chief Information Security Officer (CISO) on all matters (technical and otherwise) involving the security of assigned information systems.
- Participate in planning and management of all phases of the House Risk Management Framework (RMF) Security Assessment and Authorization (A&A) process.
- Complete required A&A activities on assigned IT systems.
- Ensure that the appropriate operational cybersecurity posture is maintained for assigned Chief Administrative Officer (CAO) systems to provide confidentiality, integrity, and availability of information systems. For each system assigned to an ISSO, the ISSO will be responsible to complete and keep updated the following security documentation:
- Security Impact Analysis (SIA)
- Information Sensitivity Security Assessment
- System Security Plan (SSP)
- Plan of Action and Milestones (POA&M)
- Information Technology Risk Acceptances
- Configuration Management Plan
- Supply Chain Risk Management Plan
- Interconnection Security Agreements
- Memorandums of Understanding
- Information Data Exchange Agreements
- Vulnerability Reports
- Authorization Letters
- Perform continuous monitoring of implemented security controls to ensure that they are implemented correctly, operating as intended and producing the desired outcome with respect to meeting the cybersecurity requirements for assigned IT systems. Conduct continuous monitoring activities, to include:
- Maintenance of current ATO
- Conducting periodic system self-assessments
- Review periodic vulnerability scan reports and compliance reports
- Ensure stakeholders are performing system log reviews as defined in the SSP
- Ensure assigned IT system user accounts are periodically reviewed for accuracy and completeness
- Work with technical teams to mitigate security control deficiencies and vulnerabilities for assigned IT systems.
- Assess the cybersecurity impact of changes to assigned IT systems and document findings in a SIA report and brief stakeholders.
- Conduct self-assessments of security controls, identify weaknesses and track remediation activities in POA&M.
- Manage the POA&M process for designated IT systems to provide timely detection, identification and alerting of non-compliance issues. In coordination with SO staff, create POA&Ms or remediation plans for vulnerabilities identified during risk assessments, audits, inspections, etc.
- Provide the required system access, information, and documentation to security assessment and audit teams.
REQUIRED EDUCATION & EXPERIENCE:
- Five (5) or more years of demonstrated experience performing systems security assessments, preparing system security documentation, and/or performing security upgrades for live networks, desktop systems, servers, and enterprise databases leading to successful security authorization of such systems.
- Strong working knowledge and familiarity with NIST publications and privacy frameworks.
- Strong Risk Management Framework (RMF) experience.
- Demonstrated understanding of cloud service models, hybrid models, financial applications, and mobile security technologies and tools.
- Demonstrated experience supporting an industry risk management tool executing A&A activities.
- Bachelor’s degree in computer science, information technology, cybersecurity, or a related technical discipline required.
Desired:
- Current and maintained certification in one or more of the following IT Security disciplines: Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) or equivalent certification.
Position Details:
Clearance: N/A
US Citizenship or Authorization to work in US required
Travel: < 10% (CONUS)
Centurion Consulting Group, LLC is an Equal Opportunity Employer EOE M/F/D/V
No third parties or subcontractors
#J-18808-Ljbffr