Job Type
Full-time
Description
Sr. Cyber Security OfficerJob Type: Full-time
DescriptionWe are currently seeking a Sr. Cyber Security Officer to support our NOAA customer's Enterprise-Wide Security Services Compliance (EWSSC) program.
Place of Performance: Silver Spring, MD
Start Date: Immediate
Clearance: Public Trust - (High/IT-related Risk; requires a Background Investigation)
Key Responsibilities:
- Perform annual reviews of Security and Privacy Assessment & Authorization (SPA&A) packages for NOAA systems, using NIST SP 800-37 Rev. 2 guidance, to verify the adequacy of security measures.
- Conduct cursory annual reviews of SPA&A packages for 100% of NOAA systems to identify weaknesses and ensure compliance with NOAA's Security and Privacy Controls Matrix (SPCM).
- Maintain, manage, and act as the Subject Matter Expert and Data Custodian for the NOAA FISMA repository tool, Cyber Security Assessment and Management (CSAM).
- Develop security metrics with risk scoring to demonstrate security efficacy, and create repeatable procedures for dashboards reporting risk management and compliance.
- Define standard procedures for onboarding new FISMA systems and creating "child" sub-systems.
- Assist with cloud computing activities, including interpreting complex regulatory frameworks (FedRAMP, NIST 800-53), reviewing FedRAMP packages, and facilitating cloud compliance audits.
- Coordinate common control providers to ensure all common controls are documented, assessed, authorized, and offered for inheritance within CSAM.
- Develop, schedule, and conduct role-based training for NOAA Information System Security Officers (ISSO), Information Technology Security Officers (ITSO), and System Owners (SO) on topics including CSAM usage, RMF processes, Cloud security, and Contingency Planning.
Required Skills:
- Must possess at least one IT security certification identified in the DOC "Cybersecurity Awareness and Training Standard v1.0" (e.g., CISSP, CISM, CISA, CGRC, or CompTIA Security+).
- In-depth knowledge of NIST special publications (including NIST 800-37 Rev 2 and NIST 800-53 Rev 5) and the Risk Management Framework (RMF).
- Minimum of 8 years of experience in Cyber Security.
- Hands-on experience managing and utilizing the Cyber Security Assessment and Management (CSAM) database for FISMA inventory and continuous monitoring.
- High-level knowledge of cloud computing, FedRAMP continuous monitoring, and the protection of data stored in the cloud.
- Bachelor's degree in Computer Science, Information Technology, or a related field.
- Understanding of system security concepts, including firewalls, intrusion detection systems, and access controls.
- Strong analytical, problem-solving, and communication skills.
COMPENSATION:- Excellent compensation commensurate with experience in related field(s) and performance
- Major medical, dental, and vision
- Paid holidays
- Paid Time Off (PTO)
- 401k and company matching
