AddressResponsibilities
Responsible for ensuring the security and integrity of Federal/National Security organization’s Information Systems, managing risk, and ensuring compliance with all relevant regulations and standards. This role requires a proactive approach to security management and the ability to work closely with both technical and non-technical stakeholders.Responsibilities
- Work with a team of IT risk management assessors performing IT risk and controls assessments using government governance & guidance and organizational policy & procedures
- Performing walkthrough interviews and maintaining communication with a variety of client stakeholders, including Subject Matter Experts (SMEs) such as system and database administrators
- Requesting, obtaining, reviewing, and analyzing a variety of artifacts to assist in executing IT controls testing such as security plans, SOPs, system screenshots, and system configuration settings
- Evaluating the design and operating effectiveness of IT controls using provided artifacts, industry-standard guidance, leading practices, and professional judgement
- Documenting the results of IT controls test work in a consistent and high-quality manner that would allow a reviewer to repeat the test and reach the same conclusion
- Summarizing and communicating IT controls assessment results to a variety of client stakeholders, including senior leadership personnel
- Planning and executing day-to-day activities of IT controls assessments individually and as part of a team
- Working with client personnel to understand and analyze known IT control weaknesses, identify root causes, and develop detailed, robust remediation plans
- Providing subject matter expertise to client personnel on all matters relating to IT controls and responding to ad-hoc IT controls requests from client personnel
- Implement and manage continuous monitoring programs to ensure ongoing security of Information Systems.
- Extensive experience with Risk Management Framework (RMF) process and 800-53, 37
- Experience creating and updating Security Assessment and Authorization (SA&A) artifacts such as FIPS 199, Contingency Plans (CP), Contingency Plan Tests (CPT), and System Security Plans (SSP).
- Knowledge and experience in IT risk and controls through IT audits, IT control assessments, and IT security reviews.
- Working knowledge of FISMA, NIST SP 800 series, FISCAM, and other relevant Federal information assurance laws, regulations, and guidance.
- Experience performing FISMA, OMB Circular A-123, or similar internal control assessments
- Understanding of other security frameworks like FedRAMP and DISA DCAS
- Understanding of the DoD Cloud Computing Security Requirements Guide and other DoD STIG/SRGs, including experience in working with STIGViewer toolset
- Proficiency in eMASS
- Proficiency in Microsoft Excel, Word, and PowerPoint
Qualifications
Required Qualifications:
- BS+ 8-10 years of experience or MS+ 6-8 years of experience or Phd+ 3-5 years of experience. 4 years of additional experience will be considered in lieu of degree
- 8570 AIT II certified
- Active DoD TS clearance or above
- 5 or more years of relevant experience related to IT Risk Management, Information System Security and/or Cybersecurity
Peraton Overview
Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.
