- Develop and maintain FISMA systems’ security documentation, requirements, and deliverables, including, but not limited to: System Security Plans (SSPs), Contingency Plan (CP), Configuration Management Plan (CMP), Incident Response Plan (IRP), Security Control Assessments, and updates to the Governance, Risk, and Compliance (GRC) tool.
- Support Risk Management and all assessment activities during the accreditation process.
- Provide and support the development and management of Plans of Actions and Milestones (POA&Ms) in response to reported vulnerabilities. Manage the risks to the information systems/applications and other Bureau assets by coordinating appropriate correction or mitigation actions, and cover and track the timely completion of POA&Ms.
- Serve as the liaison with the System Owner and other IS personnel, and coordinate System Owner concurrence for correction or mitigation actions.
- Develop and implement a continuous monitoring strategy, and support ongoing continuous monitoring activities.
- Prepare and update reports to ensure that the unit complies with mandated internal and external security reporting requirements.
- Act as Security Advisor to the System Owner regarding security considerations in the various systems and applications.
- Serve as a resource for the organization and partner users concerning all security questions regarding information systems and applications.
- Support and facilitate the security awareness, training, and education program.
- Assist the Information System Security Manager (ISSM) or CISO in any other security-related duties, as required.
- Monitor and coordinate patch management and scanning techniques.
Candidate must have an active Public Trust or higher clearance.