Enterprise Cloud Security Officer/Architect

Job Description

Description

SAIC is seeking a Cloud ISSO to join our CMS Security Operations team to play a key role. The ISSO will be a key leadership position within the CMS Security Operation Program. Responsibilities will include strategic level vision to maintain and improve the CMS enterprise security posture.

This role is 100% remote!

The key responsibilities for this position include:

• Act as subject matter expert in the domain, the candidate will be current and remain current with the latest Cybersecurity doctrine, prepare documentation including Security Impact Analysis (SIA),
System Security Plans (SSP), Information Contingency Plan (ISCP) across the enterprise.
• The ISSO role will focus on the enterprise governance and risk of exposure across a multi-cloud and on-premises environment that will include multiple vendors and XaaS products.
• Excellent communication skills to include writing, oral communication, and presentation skills the embraces and enables the end business user to deliver CMS core services to millions of Americans.
• Assist in planning and preparation for security assessment and authorization (A&A).
• Provide support for and where necessary to create security documentation for the required phases of the A&A process in support of obtaining Authority to Operate
(ATO) approvals of systems.
• Prepare all necessary documentation for Notifications of Change (NOC), security audits and compliance, IT review board change requests and other required IT system documentation Prepare all necessary documentation for Notifications of Change (NOC), security audits and compliance, IT review board change requests and other required IT system documentation.
• Implement risk management programs for our CMS clients by utilizing NIST, RMF, and FISMA compliance frameworks.
Enhance cyber awareness with clients and project teams.
• Work alongside as a trusted partner with the federal clients and contractors to help them mitigate risk with the use of continuous monitoring and incident response.
• Establish security controls to ensure protection of client systems.
• Implement cutting edge security tools for our HHS/CMS clients.
• Demonstrate ability to risk assess new and emerging topics and policies such as artificial intelligence.
• Supporting the management of Plan of Action and Milestones (POA&Ms) management and remediation to ensure compliance with government security policies and procedures.
• Develop or modify implementation and design documents describing how security features are implemented.
• Perform and lead Risk Management Framework (RMF) assessments, authorizations, and monitoring steps for systems following NIST standards and best practices.
• Must be able to deliver clear and effective communication both verbally and non-verbally to deliver updates; briefings; or interface with executive level customers as well as with teammates and program leadership.

Qualifications

Required Education and Experience:

• Bachelor’s Degree in technical discipline and 9+ of related experience is required, 10+ years of related experience highly preferred.
• Must be able to obtain and maintain a Public Trust clearance based on the Department of HHSregulations.
  • Candidate must be a U.S. citizen who has resided in the U.S. for 3 out of the last 5 years.

Required Skills:

• Must have extensive (min of 9 years) experience working with Commercial and FedRamp AWS and Microsoft Azure for Government providers.
• Background working with RMF and NIST 800-53.
• 9+ years in federal security compliance domain.
• Experience implementing initiatives such as Zero Trust Security Framework, Ongoing Authorization.
• Experience developing strategic-level plans and strong knowledge and experience in cybersecurity information technology and security applications in a HHS or preferably a CMS environment.
• Experience managing, tracking and/or otherwise supporting security project tasks; including but not limited to security controls development and implementation, security testing and remediation, compliance tracking, and documentation for management and auditing activities.
• Experience working with compliance and vulnerability tools (Such as Tenable Nessus), endpoint protection (such as Trend Micro).
• Experience with cyber awareness (e.g., phishing emails, cyber trainings, intrusion detection).
• Prior professional services or federal consulting experience on HHS/ CMS programs.

 Desired Skills

• Prior professional services or federal consulting experience.
• Certifications (e.g., CompTIA Security+, CEH, CISSP).
• ISSO or System Engineering experience.

Target salary range: $165,001 - $175,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.

Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.

Overview

SAIC® is a premier Fortune 500® technology integrator driving our nation's technology transformation. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes secure high-end solutions in engineering, digital, artificial intelligence and mission solutions. Using our expertise and understanding of existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective and efficient solutions that are critical to achieving our customers' missions.
We are approximately 24,000 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer, fostering a culture of diversity, equity, and inclusion, which is core to our values and important to attract and retain exceptional talent. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $6.9 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom.