DescriptionSAIC is seeking a remote FedRAMP / Cyber Compliance Analyst. This is in support of the Department of Health and Human Services (HHS) cybersecurity mission to ensure HHS can actively protect the vital health information with which it is entrusted, respond to existing and emerging cybersecurity threats, and continue to enhance the program to ensure HHS has the capability and capacity to respond to new and emerging requirements, technologies and threats.Responsibilities:
Manage assigned Cloud Service Providers (CSPs) through the Continuous Monitoring of their Plans of Action and Milestones (POA&M) and Monthly Continuous Monitoring Reports
Prepare for and lead Monthly Continuous Monitoring and SAR Debrief/Annual Assessment Meetings for assigned CSPs
Complete Annual and Triennial Re-authorization Assessments to maintain an Authority to Operate (ATO)
Review POA&Ms and ensure CSPs remediate, mitigate and close findings
Lead HHS FedRAMP Authorization Process Review Meetings with HHS Operating Divisions, Staffing Division, and/or Cloud Service Providers interested in received an ATO Letter from HHS
Guide HHS Operating Divisions, Staffing Divisions, and interested Cloud Service Providers through the HHS FedRAMP Authorization Process
Review ATO package, e.g., System Security Plan (SSP), POA&M, Security Assessment Report (SAR), Information Security Contingency Plan (ISCP), Disaster Recovery Plan (DRP), Incidence Response Plan (IRP), etc., for new software/cloud service offerings/legacy systems going through the HHS FedRAMP Authorization Process
Identify vulnerabilities and risks to external accreditation boundary diagrams
Ensure network boundary components in customer deployments are accurately described and implemented based on the appropriate FedRAMP security controls
Provide oversight on the initial independent and subsequent annual security audits of the security controls to ensure compliance with cloud requirements and governance models
Leverage internal security operations procedures for efficient operation and protection of cloud applications while maintaining security integrity
Update the status of deliverables in weekly task trackers on an ongoing basis
QualificationsRequired Qualifications:
Experience and familiarity with cloud data security (FISMA/FedRAMP compliance).
Bachelors degree and 5+ years of experience or an additional 4 years of experience in lieu of a degree.
Direct FedRAMP experience.
Strong understanding of Cloud computing models, architecture, design, and security evaluation.
Extensive experience with vulnerability management and Plans of Action and Milestones (POA&Ms), with Privacy Impact Assessments, and security categorizations.
Writing technical documentation and knowledge of Cloud and Security concepts.
Technical experience related to FIPS 199, NIST SP 800-37, NIST SP 800-53 REV 4, FISMA/NIST A&A.
Understanding of the role of Third-party Assessment Organizations (3PAO).
Experience with and knowledge of: National Institute of Standards and Technology (NIST) standards Strong governance, risk and compliance experience, Cloud Computing Security Requirements Guide (SRG).
Experience with public cloud solutions (AWS, Google, and Azure).
Proven ability to work with clients, business partners and suppliers.
2+ years direct FedRAMP experience preferred.
Education : Bachelor’s Degree in a relevant field or 4 years of additional experience in lieu of a degree.Certification : IAT Level I Certification(s) or above desired.Clearance : Must be a U.S. Citizen with the ability to obtain and maintain a Public Trust clearance.Target salary range: $80,001 - $120,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.SAIC accepts applications on an ongoing basis and there is no deadline.Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.
REQNUMBER: 2412712SAIC is a premier technology integrator, solving our nation's most complex modernization and systems engineering challenges across the defense, space, federal civilian, and intelligence markets. Our robust portfolio of offerings includes high-end solutions in systems engineering and integration; enterprise IT, including cloud services; cyber; software; advanced analytics and simulation; and training. We are a team of 23,000 strong driven by mission, united purpose, and inspired by opportunity. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $6.5 billion. For more information, visit saic.com. For information on the benefits SAIC offers, see Working at SAIC. EOE AA M/F/Vet/Disability