Vacancy caducado!
- In this position you shall assist the FFB with identifying, documenting, and maintaining IT internal controls necessary to ensure compliance with the security policies of the National Institute of Standards and Technology (NIST), Federal Information Security Modernization Act (FISMA), Office of Management and Budget (OMB) and Treasury OCIO.
- Assist with ensuring the Information System applications comply to the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF)
- Identify and document gaps between NIST RMF and Information System applications
- Assist with taking corrective steps, including documentation and internal controls management, and other related actions necessary to ensure the Information System applications are kept in compliance with current NIST RMF requirements.
- Identify and document control gaps and assist with resolution.
- Evaluate control deficiencies, including collaborating with control owners on root cause identification, mitigating controls, impact analysis, and remediation action plans.
- Log, follow-up, track, and close out identified audit findings (POA&Ms).
- Assist with implementation of IT Controls, compliance to NIST 80053-Rev5, data entry, and assist with input to Governance, Risk, and Compliance (GRC) System.
- Provide audit support, annual system assessments and review, Authorization to Operate (ATO) support, Plan of Actions and Milestones (POA&M) monitoring, tracking, and resolution with IT developers and other team members.
- Provide general technical and administrative support to the ISSO to ensure robust IT security and internal controls.
- The contractor is expected to have knowledge and expertise regarding the NIST Risk Management Framework and will be required to assist a project in which the LMCS and FSS applications are examined against the NIST Risk Management Framework.
- Expertise with I.T. Security and Internal Controls : including working knowledge of the security policies of the National Institute of Standards and Technology (NIST), Federal Information Security Modernization Act (FISMA), and the Office of Management and Budget (OMB).
- Certified Information Systems Auditor (CISA)
- Certified Information Systems Security Professional (CISSP) is preferred
- Experience with developing implementation statements
- Experience with assessing control implementations
- Experience working with development teams
- SOC-1 experience is preferred
Vacancy caducado!