Cybersecurity Specialist Sr Lead with Security Clearance

4 weeks ago


Springfield VA United States Softek International Inc. Full time
Cybersecurity Specialist ‐ Senior Level (Key Person Task Area Lead)
Task Area 6: Component Risk Management and Compliance / Senior Risk Analyst
Certification Required:
• CISSP or CISM or CSSP or CAP
Security Clearance Required:
• Top Secret
Required Years of Experience:
• 8
Job Location:
• Currently remote due to COVID and building renovations. Must be in or willing to move to the National Capital Region within the DC Metropolitan area
Education Requirement:
• Bachelor's Degree in Computer Science or related field
Job Description:
• Support process improvements and automations for the OA Program and monitor DHS MGMT systems OA requirements
• Provide Customer Service Support on internal DHS processes, methodologies, and guidance.
• Provide architecture advisement to the government including, but not limited to, network security and engineering, active directory design and implementation, application integration, and system hierarchy.
• Leverage the DHS ticketing system to track all work requests and projects ensuring work efforts are documented.
• Participate, plan, and attend various Working Group meetings.
• Engage with and support Continuous Monitoring Working Group (CMWG) and/or Compliance Working Group (CWG) meetings discussing related information on Continuous Monitoring processes and DHS Component feedback.
• Participate in Performance Plan Working Group by reviewing current metrics, recommending updates with justification.
• Organize, prepare, participate in, and sometimes run the monthly Organizational Risk Management Board (ORMB) meeting to include release of meeting minutes to attendees
• Methodologies, Strategic Plans, Guidance documents and policy memos with security authorizations, inventory, security training program, policy, and procedures and guidelines.
• Review and analyze DHS policy to identify discrepancies.
• Develop, maintain, and update Guidance, Standard Operating Procedures, Templates, Knowledge documents, How-to guides, FAQs, and Trainings
• Develop, maintain and update POA&M operating procedures to review POA&M weakness remediation activity for effectiveness and quality.
• Develop documentation and provide trainings for various subject areas as requested by Federal Lead on a schedule or on an ad hoc basis.
• Develop and update relevant FISMA Compliance SOPs on a quarterly basis.
• Manage and update Remediation Plan Guidance, SOPs, Trainings and Templates
• Provide guidance and support to all MGMT systems on Ongoing Authorization (OA) processes and procedures.
• Draft and propose Standard Operational Procedures (SOP) as requested by the government and shall review/update all SOPs annually.
• Develop ATO security authorization Packages and other compliance documents to be routed for approvals and signature.
• Review Ongoing Authorization documents and develop the OA Submission package and its contents.
• Create and deploy custom reports and dashboards, working with the government points of contact, to provide specific content to the government on a need-basis.
• Utilize available data analytics tools to create custom dashboards, risk models and reports.
• Compile data, organize information, and prepare routine reports per required frequency for review and submission by federal staff.
• Compile data, organize information, and prepare ad hoc reports for review and submission by federal staff.
• Prepare decision memos and compile analysis artifacts.
• Draft analysis findings, presentations, point papers, after action reports, gap analysis, business impact analysis and other analytics documentation as directed.
• Assist federal staff in identifying reporting processes which can be automated for better efficiency and reduced resource cost.
• Maintain associated task and request trackers per required frequency.
• Prepare reports on the aggregate risk for systems in supported programs.
• Develop and maintain weekly Executive POAM Report Dashboards
• Attend and support weekly project/system meetings focused on security systems as identified by the Federal Compliance Manager.
• Provide weekly/monthly reports, meeting minutes, user feedback and propose process improvements accordingly to Federal Lead
• Attend SDLC/SELC project meetings for each DHS system, review system business requirements against NIST and DHS security controls requirements to identify gaps and discuss solutions/mitigations, risk rate the identified gaps and raise risks to the Federal Compliance Manager and Federal Information System Security Manager.
• Attend weekly Compliance Team meetings and provide reports in the approved format on the status of requested FISMA Compliance activities.
• Manage and track the POA&M Risk Board schedule; plan, host, and provide meeting minutes and action items on POA&M meetings
• Report weekly and monthly with a summary of the PRB progress as defined by Federal POA&M Lead.
• Analyze continuous monitoring, configuration management, vulnerability management, asset management, software management and self-reported data to identify trends and anomalies in cybersecurity performance and mitigation of risk.
• Provide research and development support of data analytic and data management technologies including those associated with collecting, analyzing, parsing, and reporting large volumes of data that may support the DHS CISOD Continuous Monitoring team, as well as DHS Component Continuous Monitoring teams.
• Provides guidance, reviews and tracks POA&M Consolidation and Remediation Plans for MGMT Systems to ensure proper remediation planning and POA&M consolidation for the FY CIO POA&M Sprint
• Boundary Consolidation Team provides guidance and reviews requests for boundary creation, consolidation and/or major changes to MGMT FISMA Boundaries
• Provides priorities to ISSOs based on the CISOD program priorities established by the Federal Compliance Manager.
• Review information system and program security plans, assessments, risk packages, self-assessments, POAMs and continuous monitoring data to validate risk remediation performance and management.
• Review information system and program POAM closure, waiver, and risk acceptance requests to validate information and advise federal staff on the soundness of request justification and evidence.
• Review DHS MGMT FISMA Inventory Change Request prior to submission to the MGMT Compliance Designee for processing
• Provide quality assurance of all security authorization documentation and other documentation that supports the system.
• Review, analyze and manage DHS Performance Plan Metrics for assigned programs and systems; report any discrepancies to the Federal Compliance Manager, ISSO and ISSM.
• Provide oversight of vulnerability and weakness management for MGMT systems.
• Provide risk determinations in support of security authorization, weakness remediation, and audit activities.
• Perform security impact analysis based on changes to information systems.
• Monitor the gates or phases in the System Lifecycle Management (SLM) process and prepare the Information System Security Manager and the Federal Compliance Manager with outstanding issues and risks identified in the process prior to concurrence on system readiness.
• Update all pertinent information for all systems within the DHS MGMT FISMA portfolio repository.
• Update and maintain tasks and project status on the DHS Headquarters Compliance Team SharePoint Site daily or as suggested by Federal Compliance Manager.
• Review and analyze Department Crystal Reports weekly and report any discrepancies to the ISSM, ISSO and Compliance Manager.
• Perform quality reviews of the remediation plans for accuracy, quality, feasibility, and completeness.
• Review POA&M quality against quality metrics to ensure accurate entry into DHS FISMA Compliance Tool and track remediation action on POA&Ms to completion.
• Be able to read raw scans and remediation artifacts to determine if the weakness has been mitigated or resolved.
• Review, route, process, and upload (in FISMA Compliance tool) all MGMT waivers and POA&M Closures
• Ensure the MGMT OA Program strictly abides by the DHS Ongoing Authorization Methodology.
• Validate the System Control Allocation Table (CAT) is accurate and corresponds to the annual OA assessment frequency requirements.
• Conduct monthly reviews of Ongoing Authorization systems to ensure they are meeting Ongoing Authorization program requirements.
• Review Ongoing Authorization documents and develop Submission package and its contents.
• Provide oversight and serve as the primary point of escalation for the systems in their program portfolio.
• Provide regular (weekly) reports summarizing the adherence to agreed-upon schedules. The report shall include detailed summaries of length and number of delays and recommendations for "get-well" plans. Additionally, the reports shall summarize the work completed and milestones met to include metrics.
• Reporting priorities and status of deliverables for all systems to the Federal CISOD PM/DPM, the Federal Compliance Manager, and the Contractor PM
• Informing stakeholders of system related compliance activities, i.e., FISMA scorecard, Plan of Action and Milestones (POA&M) resolution issues, Authority to Operate (ATO), Contingency and Contingency Test Plan and Privacy Threshold Analysis (PTA) expirations.
• Provide weekly report on outstanding tickets from MGMT tracker
• Advise and send monthly correspondence to stakeholders on expired and upcoming expiring CP/CPT and Privacy documents.
• Provide monthly ISPP quality issues to ISSOs.
• Prepare and process Information System Security Officers (ISSO), Information System Security Manager (ISSM), and System Owner Designation Letters.
• Conduct annual assessments as
