Menu

Information Security Officer

Location: Columbia, Maryland

Category: Security Guard Jobs

Job highlights

Identified by Google from the original job post

Qualifications

3+ years of experience with NIST and Federal security documentation

Active CISSP or equivalent security related certification

Capable of obtaining Level Five: Public Trust security clearance

Proven experience with FISCAM and FedRAMP requirements

Experience writing and maintaining security related documents, including the System Security Plan (SSP), Contingency Plan and Test (CP), Information System Risk Assessment (ISRA), Security Assessment Plan/Report (SAP/SAR) and the Privacy Impact Assessment (PIA)

Ability to resolve complex support issues by leveraging user forums, support forums, or opening support cases with vendors and following them to closure

Strong ability to find mitigation and alternative approaches

Knowledge of current as well as emerging security threats

Understanding of and experience with Agile Development and DevSecOps/DevOps

Proven experience with Cloud Technologies (AWS)

Proven experience with Microsoft Office Tools (Outlook, Word, Excel, PowerPoint)

Must be a US and have lived in the United States at least three (3) out of the last five (5) years

Responsibilities

The Information Security Officer (ISO) will work closely with Project and Technical management to plan, design and implement Dynamic Application Security Testing (DAST) and/or Static Application Security Testing (SAST) security methodologies into the technical solution of a program within the Centers for Medicare and Medicaid Services (CMS)

The ISO will be responsible for assuring all CMS security and privacy considerations and requirements are assessed, addressed and documented for the given application, designing the solution so that it passes the required Annual Security Assessment Testing (within CMS referred to ACT or Adaptive Capabilities Testing) and maintains the system Authority to Operate (ATO)

Promote a professional work ethic with the ability to meet commitments, scheduled timelines and take ownership of problems

Lead, support and document all security incident response activities

Perform annual security assessment audits (such as ACT, PenTest, etc.)

Perform Web Application Penetration and Continuous Diagnostic Monitoring (CDM) testing

Mitigate and/or address the security specific vulnerabilities and document via Plan of Action and Milestones (POA&M)

Support ad hoc security requests from the customer and program management

Conduct security impact assessments for new or existing architecture changes

Job description

Dice is the leading career destination for tech experts at every stage of their careers. Our client, Chags Health Information Technology LLC (C-HIT), is seeking the following. Apply via Dice today!

Job Description:

The Information Security Officer (ISO) will work closely with Project and Technical management to plan, design and implement Dynamic Application Security Testing (DAST) and/or Static Application Security Testing (SAST) security methodologies into the technical solution of a program within the Centers for Medicare and Medicaid Services (CMS). The ISO will be responsible for assuring all CMS security and privacy considerations and requirements are assessed, addressed and documented for the given application, designing the solution so that it passes the required Annual Security Assessment Testing (within CMS referred to ACT or Adaptive Capabilities Testing) and maintains the system Authority to Operate (ATO).

The primary responsibilities of the position include but are not limited to:

• Promote a professional work ethic with the ability to meet commitments, scheduled timelines and take ownership of problems.

• Lead, support and document all security incident response activities.

• Perform annual security assessment audits (such as ACT, PenTest, etc.).

• Perform Web Application Penetration and Continuous Diagnostic Monitoring (CDM) testing.

• Mitigate and/or address the security specific vulnerabilities and document via Plan of Action and Milestones (POA&M).

• Support ad hoc security requests from the customer and program management.

• Conduct security impact assessments for new or existing architecture changes.

Required Skills:

• 3+ years of experience with NIST and Federal security documentation.

• Active CISSP or equivalent security related certification.

• Capable of obtaining Level Five: Public Trust security clearance.

• Proven experience with FISCAM and FedRAMP requirements.

• Experience writing and maintaining security related documents, including the System Security Plan (SSP), Contingency Plan and Test (CP), Information System Risk Assessment (ISRA), Security Assessment Plan/Report (SAP/SAR) and the Privacy Impact Assessment (PIA).

• Ability to resolve complex support issues by leveraging user forums, support forums, or opening support cases with vendors and following them to closure. Strong ability to find mitigation and alternative approaches.

• Knowledge of current as well as emerging security threats.

• Understanding of and experience with Agile Development and DevSecOps/DevOps.

• Proven experience with Cloud Technologies (AWS)

• Proven experience with Microsoft Office Tools (Outlook, Word, Excel, PowerPoint).

Desired Skills and Certifications:

• Working experience within CMS including with CMS Information Systems Security and Privacy Policy (IS2P2), NIST 800-53, NIST 800-63, CMS Acceptable Risk Safeguards (ARS), CMS Risk Management Handbook (RMH) and CMS Federal Information Security Management Act (FISMA) Controls Tracking System (CFACTS).

• Proven experience with Security tools such as Burp, SonarQube, AWS Security Tools

• Proven experience with networking concepts, such as, DHCP, DNS, VLANs, Routing and VPNs

Must be a US and have lived in the United States at least three (3) out of the last five (5) years.

"C-HIT is an EOE, including disability and veterans."
Apply on Company Website You will be redirected to the employer’s website