Information Security Officer

Overview

Hybrid
$90,000 - $125,000
Full Time

Skills

CIISP
CMS
SSP

Job Details

Job Description:

The Information Security Officer (ISO) will work closely with Project and Technical management to plan, design and implement Dynamic Application Security Testing (DAST) and/or Static Application Security Testing (SAST) security methodologies into the technical solution of a program within the Centers for Medicare and Medicaid Services (CMS). The ISO will be responsible for assuring all CMS security and privacy considerations and requirements are assessed, addressed and documented for the given application, designing the solution so that it passes the required Annual Security Assessment Testing (within CMS referred to ACT or Adaptive Capabilities Testing) and maintains the system Authority to Operate (ATO).

The primary responsibilities of the position include but are not limited to:

  • Promote a professional work ethic with the ability to meet commitments, scheduled timelines and take ownership of problems.
  • Lead, support and document all security incident response activities.
  • Perform annual security assessment audits (such as ACT, PenTest, etc.).
  • Perform Web Application Penetration and Continuous Diagnostic Monitoring (CDM) testing.
  • Mitigate and/or address the security specific vulnerabilities and document via Plan of Action and Milestones (POA&M).
  • Support ad hoc security requests from the customer and program management.
  • Conduct security impact assessments for new or existing architecture changes.

Required Skills:

  • 3+ years of experience with NIST and Federal security documentation.
  • Active CISSP or equivalent security related certification.
  • Capable of obtaining Level Five: Public Trust security clearance.
  • Proven experience with FISCAM and FedRAMP requirements.
  • Experience writing and maintaining security related documents, including the System Security Plan (SSP), Contingency Plan and Test (CP), Information System Risk Assessment (ISRA), Security Assessment Plan/Report (SAP/SAR) and the Privacy Impact Assessment (PIA).
  • Ability to resolve complex support issues by leveraging user forums, support forums, or opening support cases with vendors and following them to closure. Strong ability to find mitigation and alternative approaches.
  • Knowledge of current as well as emerging security threats.
  • Understanding of and experience with Agile Development and DevSecOps/DevOps.
  • Proven experience with Cloud Technologies (AWS)
  • Proven experience with Microsoft Office Tools (Outlook, Word, Excel, PowerPoint).

Desired Skills and Certifications:

  • Working experience within CMS including with CMS Information Systems Security and Privacy Policy (IS2P2), NIST 800-53, NIST 800-63, CMS Acceptable Risk Safeguards (ARS), CMS Risk Management Handbook (RMH) and CMS Federal Information Security Management Act (FISMA) Controls Tracking System (CFACTS).
  • Proven experience with Security tools such as Burp, SonarQube, AWS Security Tools
  • Proven experience with networking concepts, such as, DHCP, DNS, VLANs, Routing and VPNs

Must be a US and have lived in the United States at least three (3) out of the last five (5) years.

"C-HIT is an EOE, including disability and veterans."

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.