Establishes and satisfies complex system-wide information security requirements based upon the analysis of user, policy, regulatory, and resource demands. Supports customers at the highest levels in the development and implementation of doctrine and policies. Applies know-how to government and commercial common user systems, as well as to dedicated special purpose systems requiring specialized security features and procedures.
Maintain security artifacts for eTalk, IPVFB, Administar.
Duties include:
- Update and maintain ASSERT database
- Perform Annual Documentation Review for each major application within the scope of work:
- PIA
- System Self Assessment (ASSERT)
- Risk Assessment
- SSP
- Contingency Plan
- Standard Operating Procedures (SOP)
- Answer EISO/OMB Data Calls
- Coordinate CERT request from EISO
- Coordinate Incident Response Training
- Coordinate Triennial Recertification Documentation for each major application within the scope of work.
- PIA
- Security Control Assessment (ASSERT)
- Risk Assessment
- SSP
- Contingency Plan
- Letters of Transmittal
- Provide Guidance to BAPD Information System Owners on C&A documentation maintenance
- Maintain- Privacy Impact Assessment in ASSERT
- Maintain- Risk Assessment Report in ASSERT
- Maintain- System Security Plan in ASSERT
- Maintain- System Self Assessment/Security Controls Assessment Report(s)
- Maintain- System Categorization Worksheet (Inventory Documentation)
- Maintain- FIPS 199 Security Categorization in ASSERT
- Develop and maintain-Incident Response Plan for the major applications
- Create and Maintain- System Specific Contingency Plan
- Develop System Specific Contingency Plan/Test Plan
- Develop System Specific Contingency Plan
- Develop System Specific Contingency Test Plan
- Test System Specific Contingency Plan
- Maintain- System Specific Contingency Plan Test Results Report
o Provide EISO with Contingency plan testing report as artifact for FISMA reportable condition
- Maintain-Plan Of Action & Milestones
- Provide Plans of Action and Milestone (POA&M) Inputs
- Monitor POA&M residual risk remediation efforts
- Maintain-Plan of Action & Milestones w/new weakness for C&A package
- Monitor Continuous Monitoring efforts
- Provide Guidance to BAPD on Continuous Monitoring
- Report Continuous monitoring activities with EISO
- Provide inputs into the Annual Information Assurance Handbook reviews.
- Provide Security consultation towards all major application change/development efforts per ITSLCM
- Attend meetings with development team to ensure that security is built in the design/requirement documents.
-
- Coordinate Vulnerability Assessments with EISO Security
- o Coordinate all OIG and Internal Audit security responses
To apply for this job email your details to brian@cycle3it.com