Cyber Security (SME) - FISMA

Job Summary:

The Cybersecurity SME – FISMA is responsible for ensuring compliance with the Federal Information Security Modernization Act (FISMA) across Department of Commerce (DOC) systems. This role involves conducting risk assessments, security documentation development, and compliance tracking, as well as analyzing, reporting, and submitting data to Cyberscope. The SME will work closely with technical, administrative, and executive stakeholders to identify security gaps, map security controls, and implement mitigation strategies to ensure adherence FISMA, NIST, OMB, and other federal cybersecurity standards.

*This position is dependent upon contract award. Selected candidate must be onsite in Washington, DC.* 

Job Duties and Responsibilities:

• FISMA Compliance & Reporting Ensure full compliance with FISMA requirements for DOC systems and programs.
• Perform Cyberscope data entry and reporting, ensuring accuracy and alignment with federal mandates.
• Provide support for submission of all Office of Management and Budget (OMB), CISA, and Congressional reports required routinely, and on an ad-hoc basis ensuring reports are streamlined, accurate, on-time, and consistent with other reports to external entities.
• Provide subject matter technical knowledge and analysis to support functional technical areas of a project specifically in the area of FISMA (data collection, analysis, Cyberscope entry, presenting results, etc.).
• Apply principles, methods and knowledge of the functional area to specific task requirements to develop solutions to complex problems and is responsible for planning, developing, finalizing, and reviewing key deliverables in DOC cybersecurity programs. As a result, a strong understanding of standards and requirements outlined by FISMA, NIST, OMB and others are required.
• Actively engage in identifying unique system characteristics, interviewing key organizational personnel (technical, administrative, and executive), working with the customer to compose requisite documentation (security categorizations, risk assessments, contingency plans, security test & evaluation reports, vulnerability assessment reports, etc.), and mapping complex technical requirements, functionality, and capabilities to prescribed security controls, policies, and practices.
• Analyze data collected from open source, high-side, data calls and other sources to articulate results in both detailed and high-level formats for a diverse group of internal and external stakeholders.
• Other duties as assigned. 

Job Requirements (Education/Skills/Experience):

• Must have an active Public Trust clearance. 
• Minimum 8 years of experience in Federal cybersecurity, including experience in FISMA compliance, security risk assessments, and federal cybersecurity frameworks.
• Education: Master’s degree in Cybersecurity, Engineering, Information Technology, or related field.
• Strong knowledge of NIST SP 800-53, Risk Management Framework (RMF), FISMA reporting, and Cyberscope.
• Experience in conducting security control assessments, vulnerability management, and security audits.•
• Demonstrated ability to analyze complex security data and provide risk mitigation strategies.
• Experience in preparing security documentation, reports, and executive briefings for federal leadership.
• Systems Tools Familiarity: Cyberscope, and other tools as needed, e.g. CSAM, Splunk.

Desired:

• Certifications are Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM), or similar.

Work Location:

• DOC Headquarters, Washington, DC

Diné Development Corporation (DDC) is a Navajo Nation owned family of companies that delivers IT, professional, and environmental solutions to advance the missions of federal, state, and tribal government agencies. As thought leaders and innovators, our team of specialists build client-centric solutions that solve critical challenges faced by defense, civilian, and healthcare organizations. Employing a mission-focused approach, we deliver value that not only enhances current operations, but also drives future change. Closely aligned with this approach is our commitment to advancing the Navajo Nation and its People. Through economic development and community empowerment, we elevate the Navajo Nation to provide lasting impact and sustainable growth for future generations. DDC’s ability to unite legacy-inspired technologies, industry best practices, and proven methodologies has contributed to our success for twenty years.

This contractor and subcontractor shall abide by the requirements of 41 CFR 60-1.4(a), 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity, national origin, or for inquiring about, discussing, or disclosing information about compensation, or any other basis prohibited by law. We participate in E-Verify.