Specialist - Comptrsecsys

1 week ago


Tysons, United States; Maximus Services, LLC; Full time

**Description & Requirements**
This position is for a System Security Automation Specialist. Responsible for direct interface with agency Information Systems Security Officials (ISSO), Chief Information Officer (CIO), Science Information Officer (SIO), and other officials to support security requirements and initiatives. Responsible for the review and documentation processes of systems in the context of IT Security. Perform risk analyses, including risk assessments leading to a formal Authority to Operate (ATO) status of system compliance. The level of support includes guidance, recommendations, and SA&A support.

**Responsibilities**:

- Support the Security Assessment & Authorization (SA&A) process.
- Conduct and document Privacy Impact Assessments utilizing agency guidance.
- Review system logs. Develop and monitor security and privacy controls.
- Develop and manage Plan of Action and Milestones (POA&M) for systems to identify, assess, prioritize, and monitor the progress of corrective actions for security weaknesses as discovered.
- Provide Privacy Impact Assessment (PIA) guidance and support SORN implementation.
- Develop Exceptions and Waivers to support mission-related needs.
- Develop draft security and privacy policies and standards.
- Review and process assigned procurement requests.
- Assess security controls (SCA) to support ISSO certification authority.
- Act as Security Steward and/or alternate for systems as needed.
- Review and process software-related requests for customers.

**Required Skills**:

- Strong knowledge of NIST 800-171 policy and governance.
- Advanced technical competencies in information assurance and security relevant to the analysis, design, and development of security features, policy, and controls for regulatory requirements such as FISMA, HIPAA, and the Privacy Act.
- Strong understanding of the IT Security & Privacy laws, regulations, and NIST standards.
- Advanced knowledge of IT enterprise security scanning, threat remediation, and penetration testing as directly applicable to an IT data processing complex with high-sensitivity and personal identification/clinical systems (HIPAA) requirements.
- Advanced knowledge in establishing and maintaining cooperative working relationships with other employees, scientific research personnel, vendors, and other organizations.

**Desired Skills**:
Knowledge of Archer Governance Risk & Compliance (GRC), Jira, and Confluence

**Work Experience**: 3 - 7 years

**Education**:
Bachelor of Science (BS) degree

**Certifications**:
Security+, CISSP, CISM, CCSSP or other related certifications highly desirable

**This job is reserved for TCS (Technology and Consulting Services) only.**

Pay Transparency
- and long-term incentives as well as program-specific awards. Additionally, Maximus provides a variety of benefits to employees, including health insurance coverage, life and disability insurance, a retirement savings plan, paid holidays and paid time off. Compensation ranges may differ based on contract value but will be commensurate with job duties and relevant work experience. An applicant's salary history will not be used in determining compensation. Maximus will comply with regulatory minimum wage rates and exempt salary thresholds in all instances.