Information Security Risk & Compliance Specialist

Posted: November 12, 2009
The Information Security Specialist will be responsible for executing and assisting in the completion of security certifications. The Information Security Specialist will be responsible for the following:

- Execution of the initiation and certification phases of NIST SP800-37.
- Examine and test the security configurations and settings on the information systems and applications.
- Interview System Owners, Information System Security Officers, System Administrators, Database Certifiers, Developers and end users to determine the security posture of the system and to assist in the completion of the NIST SP800-53A test steps.
- Analyze vulnerability and compliance scan results on Windows, Solaris, and Linux systems.
- Generate Plan of Action and Milestones findings for non-compliant settings and security deficiencies.
- Responsible for project management of technical assessments against multiple systems.
- Ability to expand into other areas of the Certification and Accreditation process.
- Responsible for aiding in own self-development by being available and receptive to all training made available by the company.
- Work with the C&A leads to provide support as needed to complete the certification on multiple systems.
- Work with the System Administrators to examine and test the security posture of the systems and applications.
- Prepare documents for C&A packages by pre-determined deadlines. Document preparation includes: System Security Plans, IT Contingency Plans, Incident Response Plans, Business Impact Assessments, Risk Assessments, FIPS 199 Profiles, Plan of Action and Milestones (POA&M) and other documents that support the C&A process.
- Provide recommended remediation for identified weaknesses.
- Work with the System Administrators or Database Administrators on questions regarding certification.
- Other duties as assigned.

Requirements

Must have a BS degree and at least one business, computer or related technical certification: CISSP, CAP, CISA, CISM, GIAC.

This position requires the following minimum skills and experience:

- At least 1 year of experience in the field of C&A.
- At least 3 years of information security experience.
- At least 1 year of experience with hardening of Oracle databases, Microsoft or Unix systems.
- At least 1 year of experience in executing NIST SP800-37 and NIST SP800-53.
- Able to analyze Nessus vulnerability scan results and compare configuration compliance scans against industry security configuration guidelines.
- Familiar with OMB, FISMA, FIPS and other federal regulations and requirements associated with information security.
- Strong written and oral communication skills.
- Professional experience in preparation of reports, presentations, summaries and analysis.
- Strong interpersonal skills applied to interactions with all levels of authority.
- Must be able to obtain a Public Trust level 5 security clearance.

Please refer to job code 395 when responding to this ad.
| Category: | Trades |
| Location: | Rockville, MD |
| County: | Montgomery County |
| ZIP Code: | 20847 |
| Pay Rate: | Open |
| Job Terms: | full time |
| Company: | Chickasaw Nation Industries |
| Phone: | email only please |
| Fax: | email only please |