ECS is seeking a Cyber Security SME to work remote.

Job Description:

• Track and maintain logs for the completion of program related trainings; Develop use cases and test scripts, conduct UAT, and report on findings.
• Review and update existing GRC specific information security policy, standards, and procedures based on federal and departmental regulations.
• Support the development of monthly and weekly status reports summarizing the status of completed, ongoing, upcoming tasks, and work performed.
• Analyze security tool reports and determine residual risk or false positives from technical reports and artifacts before assigning findings.
• Create and maintain project status documentation for various tasks and activities, including outlines, plans, process improvement plan, task timelines, risk registers, lessons learned, requirements documents, meeting agendas, meeting minutes, and others.
• Support the Management of the Agency’s  Enterprise Governance, Risk & Compliance (GRC) module to ensure accurate operational and ATO status of systems as well as system POCs, and related FISMA inventory attributes per the FISMA Inventory SOP.

Salary Range: $110,000 - $135,000

General Description of Benefits

Required Skills:

• Strong written and verbal communication skills.
• Strong communication ability across all levels of management.
• Support the Program Manager with project coordination related tasks.
• Documenting control requirements and deficiencies to both technical and non-technical audiences.
• Develop and implement information assurance/security standards and procedures.
• Draft and route all memos and similar administrative documents for new security authorization or updated security authorization.
• Experience writing technical papers documenting results of research, impact and/or risk analysis, recommendations, etc., on evolving threats, new technologies, approaches to address new federal mandates, etc.
• Experience developing and reviewing quality security assessment deliverables with ensuring the content of each deliverable is specific to the subject systems, complete, and accurate.
• Ability to analyze information system configurations and technical specifications against NIST SP 800-53 and other overlays.
• Have thorough understanding of NIST Risk Management Framework (RMF) and document OCC’s RMF processes.
• Conduct reviews and updates of deliverables (compliance and assessment) to ensure quality, consistency, and accuracy with respect to technical editing.
• Track status of GRC tickets and requests
• Support end user/user acceptance testing of GRC changes
• Meet with the ESM team on OCC’s RMF processes to assist with communicating requirements.
• Monitor, track, and update GRC ticket status/requests
• Create OCC specific SOPS and Job Aids

Desired Skills:

• Experience with Business Analysis Processes including Requirements Management and Documentation; Data Analysis and Management; and Data flow mapping.
• Experience with GRC tools (Required) like Service Now (Prefered)
• Experience supporting security assessments and reviewing related documents.
• Experience performing Certification and Accreditation (C&A) activities, including risk assessments, Security Plans, Security Controls Assessments (SCA), Certification and Accreditation documents.
• Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
• Knowledge the policies, procedures, and standards of the Office of Management and Budget (OMB), the National Institute of Standards and Technology (NIST), and the OCC.

ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, sex, age, sexual orientation, gender identity or expression, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, status as a crime victim, disability, protected veteran status, or any other characteristic protected by law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans.

ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3800+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.