RMF ANALYST
Company: Centurion Consulting Group
Location: Washington
Posted on: November 6, 2024
Job Description:
Centurion is hiring a RMF Analyst to support one of our clients
out of the Washington, DC area. This position will require the
individual to work onsite 3 days a week in DC.
Do not pass up this chance, apply quickly if your experience and
skills match what is in the following description.
KEY RESPONSIBILITIES:
- Serve as the principal advisor to the information system owner
(SO), Information Systems Security Manager (ISSM), Chief
Information Security Officer (CISO) on all matters (technical and
otherwise) involving the security of assigned information
systems.
- Participate in planning and management of all phases of the
House Risk Management Framework (RMF) Security Assessment and
Authorization (A&A) process.
- Complete required A&A activities on assigned IT
systems.
- Ensure that the appropriate operational cybersecurity posture
is maintained for assigned Chief Administrative Officer (CAO)
systems to provide confidentiality, integrity, and availability of
information systems. For each system assigned to an ISSO, the ISSO
will be responsible to complete and keep updated the following
security documentation:
- Security Impact Analysis (SIA)
- Information Sensitivity Security Assessment
- System Security Plan (SSP)
- Plan of Action and Milestones (POA&M)
- Information Technology Risk Acceptances
- Configuration Management Plan
- Supply Chain Risk Management Plan
- Interconnection Security Agreements
- Memorandums of Understanding
- Information Data Exchange Agreements
- Vulnerability Reports
- Authorization Letters
- Perform continuous monitoring of implemented security controls
to ensure that they are implemented correctly, operating as
intended and producing the desired outcome with respect to meeting
the cybersecurity requirements for assigned IT systems. Conduct
continuous monitoring activities, to include:
- Maintenance of current ATO
- Conducting periodic system self-assessments
- Review periodic vulnerability scan reports and compliance
reports
- Ensure stakeholders are performing system log reviews as
defined in the SSP
- Ensure assigned IT system user accounts are periodically
reviewed for accuracy and completeness
- Work with technical teams to mitigate security control
deficiencies and vulnerabilities for assigned IT systems.
- Assess the cybersecurity impact of changes to assigned IT
systems and document findings in a SIA report and brief
stakeholders.
- Conduct self-assessments of security controls, identify
weaknesses and track remediation activities in POA&M.
- Manage the POA&M process for designated IT systems to
provide timely detection, identification and alerting of
non-compliance issues. In coordination with SO staff, create
POA&Ms or remediation plans for vulnerabilities identified
during risk assessments, audits, inspections, etc.
- Provide the required system access, information, and
documentation to security assessment and audit teams.
REQUIRED EDUCATION & EXPERIENCE:
- Five (5) or more years of demonstrated experience performing
systems security assessments, preparing system security
documentation, and/or performing security upgrades for live
networks, desktop systems, servers, and enterprise databases
leading to successful security authorization of such systems.
- Strong working knowledge and familiarity with NIST publications
and privacy frameworks.
- Strong Risk Management Framework (RMF) experience.
- Demonstrated understanding of cloud service models, hybrid
models, financial applications, and mobile security technologies
and tools.
- Demonstrated experience supporting an industry risk management
tool executing A&A activities.
- Bachelor's degree in computer science, information technology,
cybersecurity, or a related technical discipline required.
Desired:
- Current and maintained certification in one or more of the
following IT Security disciplines: Certified in Risk and
Information Systems Control (CRISC), Certified Information Security
Manager (CISM) or Certified Information Systems Security
Professional (CISSP) or equivalent certification.
Position Details:
Clearance: N/A
US Citizenship or Authorization to work in US required
Travel:
#J-18808-Ljbffr
Keywords: Centurion Consulting Group, Baltimore , RMF ANALYST, Professions , Washington, Maryland
Didn't find what you're looking for? Search again!
Loading more jobs...