Senior Information Security Consultant (ISSO)

Date Posted: 
Friday, April 13, 2018
Job Type: 
Full Time
Job Location: 
Baltimore, MD

General Duties:

  • Provide security consulting to the IBSG (Innovation Business Support Group) ISSOs and the various projects in CMMI (Center for Medicare and Medicaid Innovation)
  • Assist the CMMI projects  in understanding  CMS security requirements , and the XLC (Expedited Life Cycle)
  • Work closely with ISSO employees to promote knowledge transfer, standards, and improved ISSO best practices across  CMS enhance the ISSO community. 
  • Work closely with ISSOs to help identify what “is needed” to manage current risks adequately, and in the future, when considering workforce capabilities and needed capacity. 
  • Will re-institute a monthly ISSO meeting and implement a quarterly ISPG newsletter
  • Will serve as an information security SME to provide explanations, evaluations, and recommendations to the Center’s ISSOs draft and/or review system security artifacts, including ISRA, SSP, CP, and PIA
  • Will build a security community to have individuals across organizations that share an interest in security, ISSO standards and classification, security best practices, and policies, share best practices, and be able to bring this knowledge back to their organization or team, to put into practice.


Specific Skills Required:

  • 10+ year's general information technology experience.
  • 8+ years of professional experience developing and implementing information security/assurance programs, policies, processes, and procedures per various security frameworks/laws/standards/directives, e.g.: FISMA; OMB directives; Presidential Directives; NIST (SP-800 series; FIPS); HIPAA of 1996; Privacy Act 
  • Comprehensive knowledge of the FISMA, HIPAA laws and Privacy Act of 1974
  • In-depth knowledge of the NIST SP 800 series documents, especially 800-34, 37,39  47, 53, 53A, 60, 63, 64, 137 and  FIPS 140, 199, 200 and 201
  • In-depth knowledge of the 800-53 security control requirements and standard methods for implementing them
  • Practical knowledge of IT System contingency planning
  • Understanding of risk assessment and risk management concepts
  • Good understanding of continuous monitoring and continuous authorization concepts
  • Good understanding of protection of PII and PIA concepts
  • Expert use of MS Office, especially Word, PowerPoint and Outlook
  • Good ability to articulate technical concepts, especially in the review process
  • Knowledge of the CMS Security Library and the various security artifact templates and related implementation procedures, a plus 


We are proud to offer a robust benefits package including medical, dental, vision, 401(k) retirement plan, employee stock ownership plan, disability insurance, flexible spending accounts and more in order for our employees to maintain a secure work/life balance.  


ASSYST is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, disability, military status, national origin or any other characteristic protected under federal, state, or applicable local law

Shafeeq Rahman