Information Security Officer

Job highlights
Identified by Google from the original job post
Qualifications
3+ years of experience with NIST and Federal security documentation
Active CISSP or equivalent security related certification
Capable of obtaining Level Five: Public Trust security clearance
Proven experience with FISCAM and FedRAMP requirements
Experience writing and maintaining security related documents, including the System Security Plan (SSP), Contingency Plan and Test (CP), Information System Risk Assessment (ISRA), Security Assessment Plan/Report (SAP/SAR) and the Privacy Impact Assessment (PIA)
Ability to resolve complex support issues by leveraging user forums, support forums, or opening support cases with vendors and following them to closure
Strong ability to find mitigation and alternative approaches
Knowledge of current as well as emerging security threats
Understanding of and experience with Agile Development and DevSecOps/DevOps
Proven experience with Cloud Technologies (AWS)
Proven experience with Microsoft Office Tools (Outlook, Word, Excel, PowerPoint)
Must be a US and have lived in the United States at least three (3) out of the last five (5) years
Responsibilities
The Information Security Officer (ISO) will work closely with Project and Technical management to plan, design and implement Dynamic Application Security Testing (DAST) and/or Static Application Security Testing (SAST) security methodologies into the technical solution of a program within the Centers for Medicare and Medicaid Services (CMS)
The ISO will be responsible for assuring all CMS security and privacy considerations and requirements are assessed, addressed and documented for the given application, designing the solution so that it passes the required Annual Security Assessment Testing (within CMS referred to ACT or Adaptive Capabilities Testing) and maintains the system Authority to Operate (ATO)
Promote a professional work ethic with the ability to meet commitments, scheduled timelines and take ownership of problems
Lead, support and document all security incident response activities
Perform annual security assessment audits (such as ACT, PenTest, etc.)
Perform Web Application Penetration and Continuous Diagnostic Monitoring (CDM) testing
Mitigate and/or address the security specific vulnerabilities and document via Plan of Action and Milestones (POA&M)
Support ad hoc security requests from the customer and program management
Conduct security impact assessments for new or existing architecture changes
Job description
Dice is the leading career destination for tech experts at every stage of their careers. Our client, Chags Health Information Technology LLC (C-HIT), is seeking the following. Apply via Dice today!

Job Description:

The Information Security Officer (ISO) will work closely with Project and Technical management to plan, design and implement Dynamic Application Security Testing (DAST) and/or Static Application Security Testing (SAST) security methodologies into the technical solution of a program within the Centers for Medicare and Medicaid Services (CMS). The ISO will be responsible for assuring all CMS security and privacy considerations and requirements are assessed, addressed and documented for the given application, designing the solution so that it passes the required Annual Security Assessment Testing (within CMS referred to ACT or Adaptive Capabilities Testing) and maintains the system Authority to Operate (ATO).

The primary responsibilities of the position include but are not limited to:
• Promote a professional work ethic with the ability to meet commitments, scheduled timelines and take ownership of problems.
• Lead, support and document all security incident response activities.
• Perform annual security assessment audits (such as ACT, PenTest, etc.).
• Perform Web Application Penetration and Continuous Diagnostic Monitoring (CDM) testing.
• Mitigate and/or address the security specific vulnerabilities and document via Plan of Action and Milestones (POA&M).
• Support ad hoc security requests from the customer and program management.
• Conduct security impact assessments for new or existing architecture changes.

Required Skills:
• 3+ years of experience with NIST and Federal security documentation.
• Active CISSP or equivalent security related certification.
• Capable of obtaining Level Five: Public Trust security clearance.
• Proven experience with FISCAM and FedRAMP requirements.
• Experience writing and maintaining security related documents, including the System Security Plan (SSP), Contingency Plan and Test (CP), Information System Risk Assessment (ISRA), Security Assessment Plan/Report (SAP/SAR) and the Privacy Impact Assessment (PIA).
• Ability to resolve complex support issues by leveraging user forums, support forums, or opening support cases with vendors and following them to closure. Strong ability to find mitigation and alternative approaches.
• Knowledge of current as well as emerging security threats.
• Understanding of and experience with Agile Development and DevSecOps/DevOps.
• Proven experience with Cloud Technologies (AWS)
• Proven experience with Microsoft Office Tools (Outlook, Word, Excel, PowerPoint).

Desired Skills and Certifications:
• Working experience within CMS including with CMS Information Systems Security and Privacy Policy (IS2P2), NIST 800-53, NIST 800-63, CMS Acceptable Risk Safeguards (ARS), CMS Risk Management Handbook (RMH) and CMS Federal Information Security Management Act (FISMA) Controls Tracking System (CFACTS).
• Proven experience with Security tools such as Burp, SonarQube, AWS Security Tools
• Proven experience with networking concepts, such as, DHCP, DNS, VLANs, Routing and VPNs

Must be a US and have lived in the United States at least three (3) out of the last five (5) years.

"C-HIT is an EOE, including disability and veterans."