Description & Requirements
Since 1975, Maximus has operated under its founding mission of Helping Government Serve the People, enabling citizens around the globe to successfully engage with their governments at all levels and across a variety of health and human services programs. Maximus delivers innovative business process management and technology solutions that contribute to improved outcomes for citizens and higher levels of productivity, accuracy, accountability and efficiency of government-sponsored programs. With more than 30,000 employees worldwide, Maximus is a proud partner to government agencies in the United States, Australia, Canada, Saudi Arabia, Singapore and the United Kingdom. For more information, visit https://www.maximus.com.
The Maximus DoD Cloud Information Systems Security Officer (ISSO) will work directly with the Maximus Federal Business Information Security Officer (BISO) to identify and manage implementation of security policies, standards, and procedures that support federal customers with federal requirements to include FISMA, applicable FAR and DFAR Clauses, Executive Orders, and OMB’s applicable to IL5 Cloud Environments. The primary role of the ISSO will be the creation, management, and administration of a System Security Plan (SSP) to include all required artifacts needed to obtain a DISA IL5 certification and to maintain compliance with NIST 800-53 and associated NIST 800 series publications. The ISSO will be responsible for all continuous monitoring of the IL5 environment supporting federal customers and will be the SME for control management and the establishment of Inheritance which will be used to support future DoD projects.
Additional Requirements as per contract/client:
Candidates must be a US Citizen
Essential Duties and Responsibilities:
- Perform complex risk analyses and risk assessment.
- Establish and satisfy Information Assurance (IA) and security requirements based upon the analysis of user, policy, regulatory, and resource demands.
- Support customers in the development and implementation of doctrine and policies.
- Advise information system owners on client/project security policies and requirements for systems.
- Keep abreast of emerging security technologies and make appropriate recommendations regarding the enhancement of the security posture of systems and their implementation.
Project Responsibilities:
- Create and manage System Security Plan and creation and or validation of all associated artifacts required to obtain DISA IL5 certification as well as NIST 800-53 compliance to include but not limited to a System Level Continuous Monitoring (SLCM) Strategy, HW/SW lists, Information Flow Diagrams, System Categorization Forms, System Topologies, Configuration Management Plan, Configuration Control Board (CCB) Charter, System and Services Acquisition Plan, System and Information Integrity Plan, System and Communication Protection Plan, Security Assessment and Authorization Plan, Risk Assessment Plan, Program Management Plan, Security Planning, Physical and Environmental Protection Plan, Personnel Security Plan, Media Protection Plan, Identification and Authentication Plan, Contingency Plan, Audit and Accountability Plan, Security Awareness and Training Plan, Incident Response Plan, Access Control Plan, Risk Assessment Review (RAR) and Plan of Action and Milestone (POA&M.)
- Liaison with Maximus Federal business units, Maximus Corporate business units, and external stakeholders to ensure all legal and contractual requirements pertaining to cybersecurity, physical security, and Information Assurance are being met.
- Communicate federal requirements to Maximus Information Security Office (ISO) and advise implementation of applicable security controls and hardening standards to governance and technical teams.
- Assist the BISO and ISO Team in the identification and assignment of control owners throughout the organization and continually review controls on organizationally defined periodicities.
- Actively collaborate with Maximus Threat and Vulnerability Management (TVM) Team to ensure applicable technologies are compliant with defined vulnerability remediation timelines and hardening standards via enterprise vulnerability management tools.
- Bachelor's Degree in related field.
- 5-7 years of relevant professional experience required.
- Equivalent combination of education and experience considered in lieu of degree.
Project Required Experience and Skills:
- Bachelor’s Degree in Computer Science or related field or the equivalent combination of education, training, or work experience.
- 5+ of security or technology related experience.
- DISA IL5 Certification Experience
- Strong understanding of federal and DoD requirements to include but not limited to applicable Executive Orders, FISMA, FIPS, CMMC, NIST 800-171, NIST 800-53, NIST 800-60, NIST 800-65, SCRM, FedRAMP, DODI 8500s, 8500.2s, and 8510s.
- Experience with GRC tools (eMASS, CFACTS, CSAM).
- Experience developing SSP’s and applicable artifacts required for A&A activities.
- Experience with STIG compliance.
- Experience with vulnerability management and assessment via Qualys and Tenable.
- Works on complex issues where analysis of situations or data requires an in-depth evaluation of variable factors.
- Exercises judgement in selecting methods, techniques, and evaluation criteria for obtaining results.
- Networks with key contacts outside own area of expertise.
- Develops solutions to a variety of complex problems.
- Work requires considerable judgment and initiative.
- Ability to communicate technical information in understandable business terms.
- Excellent interpersonal skills, presentation skills, and verbal / written communication skills.
- Strong customer service abilities required.
- Ability to work collaboratively with a broad range of staff.
- Skilled in Microsoft Office software including Word, Excel, Visio, MS Project, and PowerPoint.
- Ability to perform comfortably in a fast-paced, deadline-oriented work environment.
- Ability to execute many complex tasks simultaneously, and work as a team member as well as independently.