Senior Information Security Consultant / Adviser

ASSYST is looking for a Senior Information Security Consultant to work onsite at our client in Baltimore, MD.

General Duties:

- Provide security consulting to the ISPG (Information Security Privacy Group) ISSOs and fulfill all responsibilities identified in the HHS Information Systems Security and Privacy Policy (IS2P)
- Ensure the duties of the Security Control Assessor and Contingency Planning Coordination are completed as described in the HHS IS2P
- Coordinate with the Data Guardian, ISO, Business Owner, and Cyber Risk Advisor (CRA) to identify the types of information processed, assign the appropriate security categorizations to the information systems, determine the information security and privacy impacts, and manage information security and privacy risk
- Report compliance on secure protocol use in websites periodically as defined within the ARS
- Submit recommendations to the Cyber Risk Advisor for system configuration deviations from the required baseline
- Coordinate with the CIO, CISO, SOP, Data Guardian, and Website Owner/Administrator to ensure compliance with control family requirements on website usage, web measurement and customization technologies, and third-party websites and applications
- Coordinate with the System Developer and Maintainer in identifying the information security and privacy controls provided by the applicable infrastructure that are common controls for information systems
- Document the controls in the information security and privacy plan (or equivalent document) to ensure implemented controls meet or exceed the minimal controls defined by CISO guidance
- For privacy, coordinate with the Data Guardian, ISO, Business Owner, and CRA to meet all collection, creation, use, dissemination, retention, and maintenance requirements for PII, PHI, and FTI in accordance with the Privacy Act, E-Government Act, and all applicable guidance
- Maintain current system information in CFACTS (e.g., POCs, artifacts) to support organizational requirements, IS2P2 and processes (e.g., communication, contingency planning, training, data calls)
- Coordinate with the Business Owner, ISO, and CISO to ensure that all requirements specified by the ARS and the RMH are implemented and enforced for applicable information and information systems
- Ensure anomalies identified under the CMS Continuous Diagnostics and Mitigation (CDM) program and ISCM activities are addressed and remediated in a manner that is commensurate with the risks posed to the system from the anomalies
- Evaluate the impact of network and system changes using RMH processes
- Develop and review security and privacy artifacts and required activities through all phases of the Expedited Life Cycle in accordance with the CMS IS2P2 for ISSOs

Specific Skills Required:

- 10+ years of general information technology experience
- 8+ years of professional experience developing and implementing information security/assurance programs, policies, processes, and procedures per various security frameworks/laws/standards/directives, e.g.: FISMA; OMB directives; Presidential Directives; NIST (SP-800 series; FIPS); HIPAA of 1996; Privacy Act
- Comprehensive knowledge of the FISMA, HIPAA laws and Privacy Act of 1974
- In-depth knowledge of the NIST SP 800 series documents, especially 800-34, 37, 39, 47, 53, 53A, 60, 63, 64, 137 and FIPS 140, 199, 200 and 201
- In-depth knowledge of the 800-53 security control requirements and standard methods for implementing them
- Practical knowledge of IT System contingency planning
- Understanding of risk assessment and risk management concepts
- Good understanding of continuous monitoring and continuous authorization concepts
- Good understanding of protection of PII and PIA concepts
- Expert use of MS Office, especially Word, PowerPoint and Outlook
- Good ability to articulate technical concepts, especially in the review process
- Knowledge of the CMS Security Library and the various security artifact templates and related implementation procedures, a plus

We are proud to offer a robust benefits package including medical, dental, vision, 401(k) retirement plan, employee stock ownership plan, disability insurance, flexible spending accounts and more in order for our employees to maintain a secure work/life balance.

ASSYST is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, disability, military status, national origin or any other characteristic protected under federal, state, or applicable local law.

Provided by Dice.


Don't Be Fooled

The fraudster will send a check to the victim who has accepted a job. The check can be for multiple reasons such as signing bonus, supplies, etc. The victim will be instructed to deposit the check and use the money for any of these reasons and then instructed to send the remaining funds to the fraudster. The check will bounce and the victim is left responsible.