The Computer Security Systems Specialist Level III will design, develop, engineer, and implement solutions to MLS requirements. Perform complex risk analyses which also include risk assessment. Establish and satisfy information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands. Support customers at the highest levels in the development and implementation of doctrine and policies. Apply know-how to government and commercial common user systems, as well as to dedicated special purpose systems requiring specialized security features and procedures. Perform analysis, design, and development of security features for system architectures.
Key Tasks and Responsibilities
To effectively manage Cybersecurity risk to the Office, the contractor will assist the OFR in refining and implementing the processes and methodologies to assess internal and external/third-party systems and provide an accurate accounting and tracking for shortcomings and weaknesses. The weaknesses will be tracked, monitored and reported in Plans of Action and Milestones (POA&Ms). Findings discovered through risk assessments, Security Controls Assessments (SCA) and continuous monitoring activities will be collected, analyzed and used to provide continuous reporting and support informed, risk-based decision.
In addition to the personnel required to directly perform the subtasks listed in this section, the Contractor may provide Subtask Each Subtask support will provide effective implementation of their assigned subtask. Responsibilities include but are not limited to:
Serving as the principal liaison between the OFR and supporting personnel for the specific subtask area (e.g., Security Controls Assessors, ISSOs, Continuous Monitoring);
Ensuring OFR goals are communicated to the task area supporting personnel;
Providing guidance, support, and supervision to the subtask area supporting personnel;
Ensuring supporting personnel are properly prioritizing tasks and responsibilities;
Ensuring proper allocation of tasks among supporting personnel, as applicable;
Ensuring proper scheduling of tasks among supporting personnel, as applicable;
Providing the final quality verification/validation of deliverables prior to submission to the OFR; and ensuring compliance with OFR timelines and deadlines for deliverables and associated subtask completion dates.
Education & Experience
Using the NIST Risk Management Framework (RMF) to conduct assessments of Information security controls in order to measure the effectiveness of controls and identify control gaps.
Ensure compliance to guidance, standards and regulations such as NIST Special Publications, FIPS, FedRAMP, and other federal regulations and policies.
Preparing Security Authorization Packages and including documentation such as Authorization Official Out-briefs, Security Authorization Recommendations and Security Authorizations memorandums.
Identify, assess, and prioritize identified risks.
Collect evidence, artifacts, and document findings to support conclusions.
Report on compliance with internal policies, controls, and standards.
Provide recommendations for remediation of identified deficiencies.
Track and report on Plans of Action and Milestones (POAMs) (i.e., findings/deficiencies to closure).
Coordinate third-party risk assessments and IT audits.
Manage remediation efforts and report on the status of control deficiencies.
Support security initiatives and global policy adherence and awareness efforts.
Support global information security metrics and reporting program(s).
Provide security expertise to business units and key stakeholders.
Enforce policy adherence and manage formal policy exception request.
Provide timely status updates/reporting on assessments and assigned projects.
Certifications
CISSP
CISM
Security Clearance
Public Trust
Must be a U.S. Citizen
Other (Travel, Work Environment, DoD 8570 Requirements, Administrative Notes, etc.)
D.C. or Remote
Computer World Services is an affirmative action and equal employment opportunity employer. Current employees and/or qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, disability, protected veteran status, genetic information or any other characteristic protected by local, state, or federal laws, rules, or regulations.
Computer World Services is committed to the full inclusion of all qualified individuals. As part of this commitment, Computer World Services will ensure that individuals with disabilities (IWD) are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact Aaron McClellan in Human Resources at
