Cyber Information Security SME

Position Title: Cyber Information Security SME

Location: Washington D.C

Position Summary:

Iron Vine Security is a rapidly growing information security and information technology company in Washington, DC. We are looking to hire a Cyber Information Security SME to support a full range of cyber security services on a long-term contract in Washington DC. The position is full time/permanent and will support a US Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background clearance.

Job Requirements:

· Strong written and verbal communication skills.

· Demonstrated ability to interact effectively with senior management and leadership.

· Possess knowledge of NIST Risk Management Framework at the subject matter expert level, particularly including SP 800-30, 37, 39, 53, and 53-A.

· Ability to craft enterprise-specific implementation guidance for system owners who are attempting to satisfy NIST SP 800-53 controls.

· Extensive experience drafting SOPs, System Security Plans, Security Assessment Plans, POAMs

· Ability to analyze and interpret Federal legislation, directives, Office of Management and Budget (OMB) mandates, and guidance provided by the National Institute of Standards and Technology (NIST) against existing information security and privacy policy to identify required updates.

· Understanding of FIPS 199 Federal Computer Systems Categorization standards.

· Experience with supporting the Authorization to Operate (ATO) process.

· Ability to conduct research on new and emerging information technologies and develop comprehensive information security and privacy policy, standards/guidelines, and procedures to facilitate the implementation of information security and privacy controls.

Certifications/Licenses:

· BS degree or other 4-year college degree or equivalent work experience

· 5 years’ experience in information security and assurance

· One of the following certification or equivalent certifications preferred:

- Certified Information Systems Security Professional (CISSP);

- Certified Information Security Manager (CISM);

- Certified Information Privacy Professional (CPP);

- Certified Information Privacy Manager (CIPM);

· Active Public Trust clearance or higher

Additional Experience Preferred:

· Knowledge of risk and how to measure risk with respect to IT systems.

· Knowledge of IT systems used in health care or health research.

· Experience reviewing and drafting Privacy Impact Assessments (PIAs).

· Has reviewed and developed Security Assessment and Authorization (SA&A) documents.

· Possesses an in depth understanding of the NIST Risk Management Framework (RMF).

· Supported efforts to ensure compliance with FISMA and NIST Guidance.

· Ability to provide recommendations and guidance to the customer which enables them to enhance and optimize their information security program.

Position Responsibilities:

· Review and update existing information security policy, standards, and Standard Operating Procedures based on federal and departmental regulations.

· Draft, review, and/or update SA&A security artifacts such as FIPS 199, PTA, PIA, NIST SP 800-60-3 Digital Identity, Information System Contingency Plan and Contingency Test Plan, System Security Plan, Security Assessment Plan, Security Assessment Report.

· Draft security policies and procedures and provide recommendation for improvement and compliance with applicable standards.

· Support Disaster Recovery and Incident Response efforts

· Examine system documentation, interview appropriate system stakeholders, test system technical security configuration settings, review vulnerability scan results for compliance requirements

· Assist with the interpretation and analysis of Security Assessment Results upon completion of each Security Assessment and/or as requested to assist with post-assessment questions, to assess the vulnerability and risk to the system and to the customer or other connected systems.