Senior Information Security Consultant / Adviser
ASSYST is looking for a Senior Information Security Consultant to work onsite at our client in Baltimore, MD.
- Ensure the duties of the Security Control Assessor and Contingency Planning Coordination are completed as described in the HHS IS2P.
- Coordinate with the Data Guardian, ISO, Business Owner, and Cyber Risk Advisor (CRA) to identify the types of information processed, assign the appropriate security categorizations to the information systems, determine the information security and privacy impacts, and manage information security and privacy risk.
- Report compliance on secure protocol use in websites periodically as defined within the ARS.
- Submit recommendations to the Cyber Risk Advisor for system configuration deviations from the required baseline.
- Coordinate with the CIO, CISO, SOP, Data Guardian, and Website Owner/Administrator to ensure compliance with control family requirements on website usage, web measurement and customization technologies, and third-party websites and applications.
- Coordinate with the System Developer and Maintainer in identifying the information security and privacy controls provided by the applicable infrastructure that are common controls for information systems.
- Document the controls in the information security and privacy plan (or equivalent document) to ensure implemented controls meet or exceed the minimal controls defined by CISO guidance.
- For privacy, coordinate with the Data Guardian, ISO, Business Owner, and CRA to meet all collection, creation, use, dissemination, retention, and maintenance requirements for PII, PHI, and FTI in accordance with the Privacy Act, E-Government Act, and all applicable guidance.
- Maintain current system information in CFACTS (e.g., POCs, artifacts) to support organizational requirements, IS2P2 and processes (e.g., communication, contingency planning, training, data calls).
- Coordinate with the Business Owner, ISO, and CISO to ensure that all requirements specified by the ARS and the RMH are implemented and enforced for applicable information and information systems.
- Ensure anomalies identified under the CMS Continuous Diagnostics and Mitigation (CDM) program and ISCM activities are addressed and remediated in a manner that is commensurate with the risks posed to the system from the anomalies.
- Evaluate the impact of network and system changes using RMH processes.
- Develop and review security and privacy artifacts and required activities through all phases of the Expedited Life Cycle in accordance with the CMS IS2P2 for ISSOs.
Specific Skills Required:
- 10+ years' general information technology experience.
- 8+ years of professional experience developing and implementing information security/assurance programs, policies, processes, and procedures per various security frameworks/laws/standards/directives, e.g.: FISMA; OMB directives; Presidential Directives; NIST (SP-800 series; FIPS); HIPAA of 1996; Privacy Act.
- Comprehensive knowledge of the FISMA, HIPAA laws and Privacy Act of 1974.
- In-depth knowledge of the NIST SP 800 series documents, especially 800-34, 37, 39, 47, 53, 53A, 60, 63, 64, 137 and FIPS 140, 199, 200 and 201.
- In-depth knowledge of the 800-53 security control requirements and standard methods for implementing them.
- Practical knowledge of IT System contingency planning.
- Understanding of risk assessment and risk management concepts.
- Good understanding of continuous monitoring and continuous authorization concepts.
- Good understanding of protection of PII and PIA concepts.
- Expert use of MS Office, especially Word, PowerPoint and Outlook.
- Good ability to articulate technical concepts, especially in the review process.
- Knowledge of the CMS Security Library and the various security artifact templates and related implementation procedures is a plus.
We are proud to offer a robust benefits package including medical, dental, vision, 401(k) retirement plan, employee stock ownership plan, disability insurance, flexible spending accounts and more in order for our employees to maintain a secure work/life balance.
ASSYST is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, disability, military status, national origin or any other characteristic protected under federal, state, or applicable local law.