Specialist - ComptrSecSys - Maximus
Boston, MA 02108
About the Job
This position is for a System Security Automation Specialist. Responsible for direct interface with agency Information Systems Security Officials (ISSO), Chief Information Officer (CIO), Science Information Officer (SIO), and other officials to support security requirements and initiatives. Responsible for the review and documentation processes of systems in the context of IT Security. Perform risk analyses which also includes risk assessment leading to a formal Authority to Operate (ATO) status of system compliance. The level of support includes guidance, recommendations, and SA&A support.
Position is remote. Candidate must reside locally to attend onsite meetings in the Atlanta office.
Responsibilities:
• Ensures that applications and infrastructure support activities are in full compliance with all federal wide OMB and agency policies and procedures, including adherence to EPLC standard processes and procedures, as well as adherence to federal NIST 800-53_rev 5, NIST 800-171 security standards.
• Candidate will have an active role on the team to support the review & compliance of NIST 800-171 policies along with other security and compliance responsibilities.
• Support Security Assessment & Authorization (SA&A) process
• Conduct and document Privacy Impact Assessments utilizing agency guidance.
• Review system logs. Develop and monitor security and privacy controls.
• Provide Change Management support to stewards to include completing the CM process prior to system and application changes.
• Develop and manage Plan of Action and Milestones (POA&M) for systems to identify, assess, prioritize, and monitor the progress of corrective actions for security weaknesses as discovered.
• Provide Privacy Impact Assessment (PIA) guidance and support SORN implementation.
• Develop Exceptions and Waivers to support mission-related needs.
• Develop draft security and privacy policies and standards.
• Review and process assigned procurement requests.
• Conduct and review application and system vulnerability scans. Provide scan results to system stewards including remediation guidance.
• Assess security controls (SCA) to support ISSO certification authority.
• Act as Security Steward and/or alternate for systems as needed.
• Review and process software-related requests for customers
Required Skills:
• High knowledge of NIST 800-171 policy and governance
• Advanced technical competencies in information assurance and security relevant to the analysis, design, and development of security features policy and controls for regulatory requirements such as FISMA, HIPAA, and the Privacy Act.
• Strong understanding of the IT Security & Privacy laws, regulations, and NIST standards.
• Advanced knowledge of IT enterprise security scanning, threat remediation, penetration testing as directly applicable to IT data processing complex with high sensitivity and personal identification/clinical systems (HIPAA) requirements.
• Advanced knowledge in establishing and maintaining cooperative working relationships with other employees, scientific research personnel, vendors, and other organizations.
Desired Skills:
Knowledge of Archer Governance Risk & Compliance (GRC), Jira, and Confluence
Work Experience: 3 - 7 years
Education:
Bachelor of Science (BS) degree
Certifications:
Security+, CISSP, CISM, CCSSP or other related certifications highly desirable
*****This job is reserved for TCS (Technology and Consulting Services) only.*****
EEO Statement
Active military service members, their spouses, and veteran candidates often embody the core competencies Maximus deems essential, and bring a resiliency and dependability that greatly enhances our workforce. We recognize your unique skills and experiences, and want to provide you with a career path that allows you to continue making a difference for our country. We're proud of our connections to organizations dedicated to serving veterans and their families. If you are transitioning from military to civilian life, have prior service, are a retired veteran or a member of the National Guard or Reserves, or a spouse of an active military service member, we have challenging and rewarding career opportunities available for you. A committed and diverse workforce is our most important resource. Maximus is an Affirmative Action/Equal Opportunity Employer. Maximus provides equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status or disabled status.
Pay Transparency
Maximus compensation is based on various factors including but not limited to job location, a candidate's education, training, experience, expected quality and quantity of work, required travel (if any), external market and internal value analysis including seniority and merit systems, as well as internal pay alignment. Annual salary is just one component of Maximus's total compensation package. Other rewards may include short- and long-term incentives as well as program-specific awards. Additionally, Maximus provides a variety of benefits to employees, including health insurance coverage, life and disability insurance, a retirement savings plan, paid holidays and paid time off. Compensation ranges may differ based on contract value but will be commensurate with job duties and relevant work experience. An applicant's salary history will not be used in determining compensation. Maximus will comply with regulatory minimum wage rates and exempt salary thresholds in all instances.