Knowledge Consulting Group (KCG) is one of the largest privately held cybersecurity services firms in the United States, serving as a Federal Government contractor and supporting commercial customers. We operate as a trusted cyber advisor to our customers across the country. We take great pride in maintaining a single focus on being the leader in cybersecurity services, providing risk management, governance, operations, and compliance services, utilizing our CISO framework methodology. We are uniquely positioned as a trusted cyber advisor, with over 90 percent of our cyber professionals holding security clearances and security-specific certifications. With over 12 years of experience in providing cybersecurity services to our customers, we have a strong record of past performance in advising and executing cyber missions for all types of organizations and sectors.
Direct support to HRSA cybersecurity leadership and program/system owners in the development and management of the HRSA cybersecurity strategy. Provides guidance and direction on FISMA compliance, enterprise risk management, and the protection of Personally Identifiable Information (PII).
Lead ISSO supporting HRSA enterprise security program strategy and initiatives. Works closely with senior leadership and operational components to drive FISMA compliance across the agency. Provides Subject Matter Expertise (SME) support on all components of the HRSA cybersecurity compliance program.
Serves in the capacity of Senior Information Systems Security Officer (ISSO) to assist in all facets of risk management and data protection across customer organization.
1. Understanding of the Federal Information Security Management Act (FISMA) requirements and National Institute of Standards and Technology (NIST) guidelines and special publications.
2. Three+ years of experience with Information Security, including conducting SA&A and continuous monitoring activities.
3. CAP certification required (CISSP will be considered in place of CAP).
4. Educational requirements: A bachelor’s degree in computer science, information systems, engineering, or a related discipline, or other related scientific or technical discipline.
5. Understanding of processes used to assess risk and establish security requirements and documentation to ensure that information systems possess security safeguards commensurate with the level of exposure to potential risk, as well as damage to assets or individuals.
6. Understanding of measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. In-depth knowledge, skills, and abilities needed to enforce Information Assurance and Cybersecurity requirements, apply Information System Security (INFOSEC) methodologies and facilitate security assessment and authorization (SA&A) as well as continuous monitoring activities, such as vulnerability scans and security control assessments. Able to analyze and assess vulnerability scan outputs and provide feedback to CISO and system owner.
7. In-depth knowledge of information assurance levels and risk impact thresholds in meeting applicable security policies, standards and requirements to ensure that accrediting authorities have the information necessary to make an objective authorization determination based on an acceptable level of risk. Employee should be able to analyze, evaluate, and assess information system security policies, processes and procedures necessary to ensure a comprehensive multi-disciplined assessment of technical and non-technical security features and associated safeguards.
8. In-depth knowledge of the System Security Plan (SSP), Contingency Plan and testing, POA&Ms, Risk Assessment, and other security-related documents. Employee should be able to assist ISSOs and/or system owners in addressing security controls and implementation methods in the SSP, as well as assist in contingency planning and testing, security control assessment, and vulnerability scanning. Able to analyze, assess, control, determine, mitigate, and manage risk within a federal management framework or within federal interest computer systems that store, process, display, or transmit Personally Identifiable Information (PII). Able to identify, implement, and integrate management and administrative risk methodologies for securing critical and sensitive information infrastructures and establishing standards necessary to help protect the confidentiality, maintain the integrity, and ensure the availability of critical organizational computing resources.
9. Strong knowledge of FISMA regulation, FIPS standards, NIST 800 series and other applicable guidance.
In addition to the above-referenced skill sets, a successful candidate shall have the following skills:
• Strong communication and interpersonal skills with the ability to act as a resource for, provide customer service in a courteous manner to, and work effectively with diverse groups of people at various levels within an organization. Writing skills sufficient to compose and edit a variety of documents using correct spelling, grammar, and punctuation, with the ability to pay close attention to detail and proofread work carefully.
• Strong organizational skills sufficient to prioritize work and complete assignments accurately, either independently or as part of a team, under pressure of competing deadlines and with frequent interruptions, working from own initiative and/or following direction, policies, or procedures. Independently establish priorities and coordinate and complete assignments within established timeframes.
• Ability to identify customer needs and use analytical and decision-making skills to offer options and resolve problems in a variety of contexts.
• Ability to effectively communicate technical issues and identify technical gaps and their root cause or systemic issues across the agency.
Strong verbal and written communication skills are highly preferred. It is highly desirable that candidates possess strong interpersonal skills. Candidates must be fluent in the English language.
Candidates may be asked to provide a writing sample.
Knowledge Consulting Group is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, or disability status.
If interested in the position, please apply directly through our website but if you have questions or have trouble applying, you may contact: firstname.lastname@example.org.