ISSO Analyst/ Hybrid

Job Title:: ISSO Analyst /Cyber Security Assessment and Authorization Analyst
Location : Rockville, MD (3 Days onsite)

Duration: Long Term

Job Description:

Client is seeking a highly motivated, flexible, organized, and detail-oriented ISSO/Cyber Security Assessment and Authorization Analyst to join our dynamic team at Rockville, MD.

If you want to learn, grow, and help then this is the job for you. We support a project/customer that "seeks to better understand, treat, and ultimately prevent infectious, immunologic,

and allergic disease seeks fundamental knowledge about the nature and behavior of living systems and the application of that knowledge to enhance health, lengthen life, and reduce illness

and disability. What you do matters and has a significant impact on the medical and scientific communities we serve. Your work here really matters and has a real impact.

Responsibilities

• Support a client as an assessment and authorization (A&A) analyst, including A&A efforts for various agency systems.
• Maintain responsibility for supporting federal clients obtaining the authority to operate (ATO) for new and modernized systems.
• Adhere to the NIST Risk Management Framework (RMF) to support the A&A process, including analyzing the development of supporting policies, procedures, and plans, designing and
• implementing security controls, testing and validating security controls, and analyzing and tracking corrective action plans.
• Ensure all supporting artifacts and results will be documented in the A&A repository
• Performing security controls assessments on security boundaries and producing required security documentation.
• Experience with NIST special publications (SPs) regarding the SA process, including SP 800-53, SP 800-137, and SP 800-37.
• Experience with continuous monitoring and plans of action and milestones (POA&M) management.
• Experience with assessing systems deployed in Cloud Environments.

Job Requirements

• BA or BS degree in MIS, CS, or related cybersecurity discipline (Masters preferred).
• 5 years of experience with assessment and accreditation (A&A).
• 5 years of experience as a security control assessor or validator.
• 5 years of experience with maintaining IT security policies, processes, and guidance.
• Experience with using GRC tool CSAM
• Experience with A&A of cloud-plaforms

Applicants selected will be subject to a Public Trust background security investigation and may need to meet eligibility requirements for access to sensitive information.