ConvoCourses

Cyber Security Compliance and IT Jobs

ISSM

Cybersecurity specialist Patuxent

by Leave a Comment

Checkout the courses:
https://securitycompliance.thinkific.com

The job:

Position: Cyber Security Lead #ISSO #ISSM
Location: Patuxent River, Maryland
Full time position

Required Clearance: Secret / Top Secret
Required Certifications: IAT level III Certification.

Required Experience: Five (5) years of experience in IT security, including A&A and/or IT security risk analysis, preferably in support of the Federal Government

Skills:

· Managed team of people.
· Knowledge of Federal Government SA&A practices and policies, particularly FISMA and NIST.
· Must be motivated and results oriented.
· Effective written and oral communication skills.
· Previous Federal Government or National Archive experience a plus
Role:
Provide subject matter expertise in the provision of information assurance (IA) support for certification and accreditation (C&A), DIACAP or RMF accreditation package and artifact generation, requirements analysis, security test and evaluation (ST&E) plans and execution, risk assessments, systems analysis and hardening, incident response and policy analysis, trusted product evaluations, IA program assessments, and security posture presentations. Provide analytical support for the development and submission of C&A documentation in compliance with the DIACAP or RMF requirements. Apply knowledge of technology, analyze the security implications of systems and applications security, and provide recommendations to decision-makers and engineers. Provide experience-based advice and assistance to facilitate C&A efforts.

Please provide the following information
Current Salary:
Salary Expectation:
Full Name:
Contact No:
Best time to call you:
Email address:
Current Location:
Relocation:
Availability:
Visa status:
Clearance:

Thanks & Regards,

Terry Dean
Sr. Technical Recruiter- Federal
E-Talent Network

8(a) / SDB | CMMI level 3 Certified
Direct: 703-687-6627 Ext.384
Email: terryd@etalentnetwork.com

Need Information Systems Security Officer in Herndon, VA

by Leave a Comment

Information Systems Security Officer

Location: Herndon, VA
Duration: 1 year
US Citizenship Required –  Public Trust or Secret Clearance Tier III
Summary• Advises key technical personnel of system regarding design, engineering and compliance requirements
• Advises key stakeholders of security posture and risks associated with the system
• Reviews configurations changes for the system and the impact of changes
• Creates, manages and facilitates NIST based security documentation and controls
• Identifies, manages and facilitates remediation of security weaknesses

Job Responsibilities/ Duties:
• Develop, consult, implement controls and documentation for the security of the system. This includes: outlining system operating environment, overall mission, physical diagrams, hardware and software inventories, configuration management, type of data processed, user organizations, security classifications, operating modes, interconnections to other systems/networks, security personnel, and other associated responsibilities.
• Oversee, develop, improve and maintain the overall security posture of the system; that includes: Information System Security Plans, Risk Ratings, Contingency Plans, Security Assessments, and Contingency Plan Tests and other associated documentation.
• Participate in the development or revision of security controls of the system and local operating procedures that are based upon regulatory, policy and industry requirements.
• Act as a consultant to system owners for the security of the system and system documentation. For example, security incident reports, equipment/software inventories, operating instructions, technical vulnerability reports, and contingency plans
• Provide expertise in classified and unclassified ratings to customers.
• Work closely with technical teams for successful Certification & Accreditation of the system that leads to ATO
• Attend ISSO training courses and sessions as required
• Perform interpretations of monthly vulnerability scan results of assigned systems

Required Training:
Senior Level IT Security Certifications (CCDP, CCNP Security, CISSP, CISM, etc.)
Education/Equivalent Training Required: Bachelor’s Degree or equivalent experience will be evaluated
Unique/Additional /Experience (Position Specifics):
Expert knowledge of FISMA and NIST Special Publications
Experience implementing, assessing and managing security controls for federal IT systems
Expert knowledge of IT security best practices
Expert knowledge of current IT security threats
Broad knowledge of IT technologies and operations
Ability to develop good working relationships with customers, colleagues and other stakeholders.
Excellent verbal and written communication skills
Ability to handle and prioritize multiple simultaneous systems, projects and other assignments.
Experience leading information security teams
Knowledge of HIPAA, FedRAMP, PCI, ISO and other standards
Location(s): District of Columbia (Metro Area),
Department: IT Security
Keywords: Certification and Accreditation, C&A, A&A, SA&A, FISMA, compliance, information assurance, ISSO, AISO, ISO, IASO and ISSM
Comments: US Citizen, US Government Suitability Determination and DoE Q Security Clearance is a Plus

Thanks & Regards,
Kartik Jain
Technical Recruiter

Security Analyst / Engineer role w/ USDA

by Leave a Comment

Do you happen to be on the job market?  If so, this long-term position is in Fort Collins, CO, and relocation is included.  We offer a great benefits package (medical/dental/vision/401k/disability/etc.) and also a host of soft benefits (team family outings, holiday gatherings, sporting events, relaxed workstyle & attire, reasonable hours, etc.).  The job description is BELOW, and I’m available immediately if you’d like to learn more.

 

Also, if you know of someone else who might be interested, we do offer a finders’ fee for any referrals that we hire.  Have a great evening!

 

-Tyler

 

*** NOTE:  I’m not a robot, I did review your resume manually, and all responses come directly to me! ***

 

*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*

 

POSITION SUMMARY:  SECURITY ANALYST / ENGINEER

 

Responsibilities:

  • Analyze business, functional, and non-functional requirements to create technical design and unit test strategy documents.
  • Design, test, and implement solutions based on requirements provided from the Enterprise Application Services, Office of the Chief Information Officer (OCIO), USDA
  • Design artifacts that follow the technical standards and guidelines
  • Work with staff to define solutions and implement those solutions according to the agreed upon design.
  • Control deployment of HP “Source Code Analyzer”
  • Review monthly and quarterly Retina and WebInspect scans and recommend technical solutions to mitigate vulnerabilities
  • Actively transfer knowledge and mentor staff members on various aspects of system specific administration, configuration, and development

Required Skills:

  • Experience collaboratively establishing secure configuration baselines for technologies such as Windows Server 2008 R2, or Red Hat Enterprise Linux Server 6.
  • Experience securing Oracle database suites or MS SQL databases (not looking for someone who only has network skills).
  • Experience performing IT product security specification reviews.
  • Experience designing/reviewing architectures for adequate security such as secure authentication methods.
  • Ability to use collaborative communication skills and establish productive working relationships.
  • Experience with documentation reviews, including A&A packages
  • Awareness of the diagnostic and mitigation aspects of Information Security Continuous Monitoring.
  • Assists Information Systems Security Managers (ISSMs) in generating ATO package and continuous monitoring artifacts.
  • Assists in documenting and managing artifacts in online SharePoint and CSAM security repositories.
  • Knowledge of Risk Management Framework
  • Knowledge of NIST, FISMA and other applicable guidance

Desired Skills:

  • Implement security controls in appropriate information systems.
  • Assess the effectiveness of the security controls once they have been implemented.
  • Determine agency-level risk to the mission or business case.
  • Authorize the information system for processing.
  • Monitor the security controls on a continuous basis
  • Implement security controls in appropriate information systems.

Who has the authority to appoint an IAM (ISSM)

by Leave a Comment

Who has the authority to appoint an Information Assurance Manager (IAM)/Information Security Security Manager?

An IAM (Information Assurance Manager) is now called an Information System Security Manager (ISSM).  The program manager, system manager or component commanders appoints the Information security security manager in writing.

According to DoD 8510.01, Risk Management Framework it is the Program Manager/System Manager who appoints the ISSM for each assigned Information System or PIT system with the support, authority, and resources to satisfy the responsibilities established in this instruction.

In the Department of Navy, Information System Security Manager is appointed by Program Executive Offices, Systems Commands – According to SECNAV, 5239.2

The Army currently uses AR 25-2, Information Assurance (being replaced).  The Information Assurance Program Manager (IAPM) appoints the IAM 3-2.

IAM. Appoint IAMs at all appropriate levels of command. This includes subordinate commands, posts, installations, and tactical units. Appoint an IAM as needed for those Army activities responsible for project development, deployment, and management of command-acquired software, operating systems, and networks. A contractor will not fill the MSC, installation, or post IAM positions and the person filling the position will be a U.S. citizen.

 

info assurance

by Leave a Comment

IA
IA

Info assurance is a comprehensive approach to information security.  It included risk management, information protection, operational risk, business risk, assurance technology and much more.

More on “What is Info Assurance”?

Information assurance is the practice of assuring the confidentiality, integrity and availability of the processing, storing and/or transmission of data.  Information assurance is used as a more complete approach to information security.

Since Info Assurance covers all aspects of the security, all individuals with internal access to an organizations critical access must get info assurance awareness training.  Info Assurance is not just about turning on and configuring Assurance technology, but informing and educating those how have internal access to your system.

Info Assurance has its own complete common body of knowledge, industry, career path and degree programs accepted by the National Center of Academic Excellence in Information Assurance Education and those approved by the National Security Agency.

By becoming an info assurance specialist you can get work in many parts of the DoD including USAF, US Army, Department of the Navy and many other agencies.  But IA jobs expect specific certification(s), experience and degree.  The IA qualifications come from DoDD 8570 which is being replaced with DoDD 8140.  There are lots of titles that are considered within IA:  System Security Engineer, Info Assurance Analyst, Info Assurance Specialist, Info Assurance Subject Matter Expert (SME), Risk Analyst IT, and many others.