Develop and coordinate all authorization documentation associated including the Systems Categorization, Systems Security Plan, and Security Assessment Report.
Support security control assessments, reporting, and monitoring processes utilizing standard governance, risk, and compliance (GRC) tool.
Coordinate, track, and report status and concerns related to Plan of Action and Milestones (POA&Ms) and Risk Acceptance Forms (RAFs).
Support and document security controls tests, coordinate remediation, and ensure POA&Ms are appropriately managed.
Review existing SA&A documentation, System Security Plan (SSP), Security Assessment Report (SAR), and other supporting artifacts.
Assess and document compliance with NIST 800-53, Security and Privacy Controls.
Acting as the primary point of contact for all information security matters, inquiries, and management reporting pertaining to the information system including FISMA reports, security control assessments and authorization, and audits.
Ensuring that a system security plan is completed and kept current and in compliance with Department’s standards.
Ensuring the information system receives and maintains a valid authority to operate (ATO) at all times.
Ensure compliance with federal regulations and privacy laws.
Remaining current on the duties pertaining to the roles and responsibilities of an ISSO.
Three (3) years of experience or more assessing and documenting FISMA/FedRAMP security control assessment for system(s), infrastructure(s) and/or applications (on-premises and/or cloud) in compliance NIST SP 800-53 security controls and SP 800-171 Risk Management Framework (RMF) processes.
Preferred Additional Skills:
One (1) year experience or more configuring, performing, scheduling, reviewing, and assessing vulnerability (i.e., patches, updates, etc.) and compliance (i.e., Security Content Automation Protocol (SCAP) and/or Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) scans for enterprise endpoint devices to ensure patch and configuration compliance.
Technical background that will assist in complying with the NIST SP 800-53 security controls and gather evidence to support compliance.
Bachelor's Degree in Computer Science, Software Engineering or equivalent STEM field and 10+ years’ experience related to systems engineering, implementation, and monitoring.
Allowable Substitution for bachelor’s degree is 7 years of relevant experience
Must be able to obtain and maintain an active Public Trust 6C clearance
About Our Work
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT does not have a vaccination mandate applicable to all employees. To protect the health and safety of its employees and to comply with customer requirements, however, GDIT may require employees in certain positions to be fully vaccinated against COVID-19. Vaccination requirements will depend on the status of the federal contractor mandate and customer site requirements.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.