ISSO/Cyber Security Assessment and Authorization Analyst
Rockville, MD.
Hybrid role.
Local or nearby candidates only.
USC or GC preferred.
10+ yrs exp.
Need 100% suitable resume.
Experience using the GRC tool CSAM
Experience with A&A of cloud platforms
Job Responsibilities
- Support a client as an assessment and authorization (A&A) analyst, including A&A efforts for various agency systems.
- Maintain responsibility for supporting federal clients obtaining the authority to operate (ATO) for new and modernized systems.
- Adhere to the NIST Risk Management Framework (RMF) to support the A&A process, including analyzing the development of supporting policies, procedures, and plans, designing and implementing security controls, testing and validating security controls, and analyzing and tracking corrective action plans.
- Ensure all supporting artifacts and results are documented in the A&A repository.
- Perform security controls assessments on security boundaries and produce required security documentation.
- Experience with NIST special publications (SPs) regarding the SA process, including SP 800-53, SP 800-137, and SP 800-37.
- Experience with continuous monitoring and plans of action and milestones (POA&M) management.
- Experience with assessing systems deployed in cloud environments.
Must have:
- 5+ years of experience with assessment and accreditation (A&A).
- 5+ years of experience as a security control assessor or validator.
- 5+ years of experience with maintaining IT security policies, processes, and guidance.
- Experience using the GRC tool CSAM.
- Experience with A&A of cloud platforms.
- BA or BS degree in MIS, CS, or related cybersecurity discipline (Masters preferred).