CSG Government Solutions is a national leader in planning, managing and supporting complex projects that modernize the information technology and business processes of large government programs. For more than 25 years, we have applied our expertise, innovation, and results-oriented mindset to the most complex program modernization projects of over 200 government and other organizations including 46 state and territory governments, the U.S. Department of Health and Human Services, the U.S. Department of Labor, and large municipal governments.
CSG provides multiple service offerings to our valued clients.
- PMO by CSG brings all the expertise and experience needed to establish and operate a “full-service” PMO.
- IV&V by CSG provides independent insight into all aspects of a project, with a focus on risk identification, analysis, and mitigation.
- QA by CSG deploys highly experienced teams and innovative methods, knowledge, and tools to assure that complex projects achieve our client’s objectives.
- Strategy by CSG brings our high-value resources to provide insight into best practices.
- OCM by CSG operates on the principle that people are the key to realizing and sustaining the benefits of program modernization.
Position Description
CSG is seeking a QA System Security Analyst with Health and Human Services System experience to join our QA team conducting quality assessments of a large complex modernization effort.
Qualifications
- 10+ years of experience in the information systems security and privacy domain
- Experience documenting system security per NIST SP 800-18r1 guidance
- Experience conducting information security risk assessments per NIST SP 800-30r1 guidance
- Knowledge of security compliance requirements for federal agencies such as Internal Revenue Service (IRS) and Social Security Administration (SSA)
- Knowledge of NIST SP 800-53 security and privacy framework
- Experience leading/facilitating sessions to identify security requirements including identifying applicable security controls
- Experience working on large state government program modernization projects
- Certified Information Systems Security Professional (CISSP) certified
Responsibilities
- Facilitate discussions with state agency security SMEs and system vendors to identify compliance with applicable security controls
- Document system security plan per NIST SP 800-18r1 by gathering required information from the project staff
- Conduct information security risk assessments per NIST SP 800-30r1 guidance and document the results in a report
- Participate in security requirements validation and design sessions and identify any gaps in requirements
- Review security-related project documentation and deliverables and provide recommendations for improvements
- Apply knowledge and experience of industry best practices and standards for QA services