Pono Aina Management, LLC is seeking an Information System Security Specialist to support our Federal government client. This is a unique and challenging opportunity in the Office of the Chief Technology Officer (CTO) in Diplomatic Security, US Department of State. CTO is the primary IT group within the Bureau of Diplomatic Security, providing many web applications and other services used by Federal and local law enforcement officers worldwide.
The ISSS tasks and responsibilities include:
- Working as an information system security subject matter expert (SME) on FISMA, NIST standards and guidelines, Privacy Act, HIPAA, E-Gov, OMB Circulars A-11 and A-130, and Clinger-Cohen as they apply to data and application security.
- Responsible for Assessment and Authorization (A&A) activities for Consular Affairs / Consular Systems and Technology (CA/CST) automated information systems (AIS) and provides A&A support for domestic and oversea deployed systems.
- Tracks and reports status of their assigned A&A's and brings any obstacles that may impact the completion of the A&A to the attention of the A&A Task Lead and the Program Manager (PM) in a timely manner.
- Ensures that A&A packages are submitted to IA and follows up to ensure IA approval of each phase of the A&A process prior to systems' Authorized to Operate (ATO) expiration date.
- Analyzes production system configuration change requests (CCR) of existing systems to determine security impact using the Security Impact Analysis (SIA) process, and initiates required actions to maintain security posture and authorization status.
- Conducts weekly or monthly meeting with Government Task Managers (GTMs) and developers. Schedules and facilitates boundary meetings, RMF Step 1 Kick-off meetings, and RMF 1-3 Working Groups.
- Gathers required information to support system authorization by organizing technical working groups, conducting fact-finding interviews, attending system demo, assessing system security categorization (SCF) levels, establishing system security control baseline, acting as a security advisor to the GTM during the security controls implementation.
- Develops and updates the following security application documentation:
- Security Categorization Form (SCF)
- E-Authentication Form (eRA)
- System Security Plan (SSP)
- Supports the Contingency Plan (CP) SME and Privacy Impact Assessment (PIA) SME in the development of the following security application documentation:
- Information System Contingency Plan (ISCP)
- Privacy Impact Assessment (PIA)
- Completes data calls in a timely manner which include but not limited to Quarterly POA&Ms data call. Reviews, monitors and reports POA&Ms status to all parties including PM, ISSP GTM, System GTM and System Development Team, and System Operation Teams.
- Provides guidance to System GTM and System developers as it related to the A&A process using both the National Institute of Standard and Technology (NIST) Special Publication (SP) 800 series and Department Foreign Affairs Manual (FAM) guidelines.
- Assists and advises System GTMs and System developers in the design and development of secure systems architecture as well as industry best practices and information systems technologies available to meet AIS security requirements.
- Must have an Active Secret Clearance
- A&A experience as it relates to cybersecurity, information assurance, or IT.
- CAP Certification (Must obtain within 8 months of being hired)
- Bachelor's Degree in related field
- 5 years experience
- CAP, CISSP or other IT and security-related certifications
H2 exists to serve alongside the Warfighter. We strive to provide quality and value to the customer by employing skilled professionals who understand and anticipate the needs of a changing military landscape and respond with superior service. Everything we do is inspired by our enduring mission to create value and make a difference everywhere we engage.