We are seeking a motivated and customer-oriented professional to support our CDC client.
Duties And Responsibilities Include
The Security Assessment and Authorization (SA&A) Specialist is responsible for ensuring the compliance and security of IT Systems through expert-level customer support and comprehensive Assessment and Authorization (A&A) services. This role involves consulting with CIOs, interpreting and developing cybersecurity policies, and overseeing the ongoing authorization of IT systems. The SA&A Specialist will play a pivotal role in maintaining adherence to federal mandates and enhancing the security posture of the organization.
- Customer Support and Consultation:
  - Provide expert-level customer support to programs and partners regarding Governance, Risk, and Compliance (GRC) task requirements.
  - Consult with CIOs to provide support for GRC-related matters and ensure compliance with FISMA and other federal mandates.
- Policy Management and Compliance:
  - Oversee annual security policy reviews, approval processes, and dissemination.
  - Interpret, develop, communicate, and maintain cybersecurity policies, decision papers, standards, and procedures.
  - Respond to Requests for Information, Comments, and Data Calls related to cybersecurity guidance and team reporting deliverables.
- Authorization and Assessment Processes:
  - Establish processes for and conduct ongoing authorization of IT systems.
  - Develop and maintain a modernized pre-assessment process based on NIST standards to ensure package readiness for assessment.
  - Perform Security Program Analyst (SPA) post-assessment tasks, including reviewing control assessments and preparing authorization documents.
- Security Testing and Evaluation:
  - Conduct security testing and evaluation of IT systems to validate security controls and identify weaknesses.
  - Provide qualitative risk analysis and recommend cost-effective safeguards to mitigate vulnerabilities.
- Technical Expertise and Coordination:
  - Provide domain technical subject matter expertise for projects such as ongoing authorization and implementation of NIST 800-53 Control Revisions.
  - Work with IT System Common Control Provider (CCP) owners to ensure appropriate controls are offered for inheritance.
- Communication and Reporting:
  - Communicate A&A status, risks, and metrics to leadership to facilitate timely prioritization and risk mitigation activities.
  - Maintain key performance indicator (KPI) metrics for A&A performance activities, ensuring valid system authorizations for no less than 96% of operational IT Systems.
- Documentation and Compliance:
  - Document accurate, comprehensive assessment results and communicate recommendations for system weaknesses or deficiencies.
  - Ensure compliance with FISMA, NIST, DHS, HHS, and other governing bodies.
Required Qualifications
- Strong understanding of NIST standards, FISMA, and other relevant regulatory requirements.
Desired Qualifications
- Cybersecurity Certifications (CISSP, CISM, etc.).
Education Requirement: Bachelor's degree in Information Technology, Cybersecurity, or similar.
Clearance Requirement: Ability to obtain and maintain a Public Trust.
Why Join Gunnison?
- Gunnison takes on ambitious projects. We target fun, challenging work that requires creative thinking and innovation.
- Quality is our top priority.
- Gunnison employee benefits meet or exceed what other companies in the Washington, D.C. metropolitan area offer.
- There is a great sense of camaraderie at Gunnison. This is an atmosphere we will maintain as we continue to grow.
- We are growing rapidly and the opportunity for individual professional growth with Gunnison is outstanding.
- We hire for careers at Gunnison, not to fill a position.
Employee Benefits
Gunnison employee benefits meet or beat other companies in the Washington, D.C. metropolitan area, including:
- Bonuses AND profit-sharing
- 401k Matching
- Certifications and training allowance $2,500/year
- 3 weeks of personal leave your first year (160 hours can roll over every year)
- 5 days of Flex-Time-Off per year
Equal Opportunity/Affirmative Action Employer. Must be eligible for employment in the United States. We are unable to sponsor candidates at this time.
In 1994 Gunnison Consulting Group began serving the greater Washington, D.C. metro area, focused on tackling our customers' most ambitious technology projects.
By creating a culture dedicated to enabling our customers and employees to achieve more than they ever thought they could, the company has thrived for over 25 years.