Information Security Analyst

ASSYST is looking for a Information Security Consultant to work onsite at our client in Woodlawn, MD. General Duties Provide security consulting to the ISPG (Information Security Privacy Group) ISSOs and fulfill all responsibilities identified in the HHS Information Systems Security and Privacy Policy (IS2P) Ensure the duties of the Security Control Assessor and Contingency Planning Coordination are completed as described in the HHS IS2P Coordinate with the Data Guardian, ISO, Business Owner, and Cyber Risk Advisor (CRA) to identify the types of information processed, assign the appropriate security categorizations to the information systems, determine the information security and privacy impacts, and manage information security and privacy risk Report compliance on secure protocol use in websites periodically as defined within the ARS. Submit recommendations to the Cyber Risk Advisor for system configuration deviations from the required baseline. Coordinate with the CIO, CISO, SOP, Data Guardian, and Website OwnerAdministrator to ensure compliance with control family requirements on website usage, web measurement and customization technologies, and third-party websites and application Coordinate with the System Developer and Maintainer in identifying the information security and privacy controls provided by the applicable infrastructure that are common controls for information systems Document the controls in the information security and privacy plan (or equivalent document) to ensure implemented controls meet or exceed the minimal controls defined by CISO guidance For privacy, coordinate with the Data Guardian, ISO, Business Owner, and CRA to meet all collection, creation, use, dissemination, retention, and maintenance Requirements for PII, PHI, and FTI in accordance with the Privacy Act, E-Government Act, and all applicable guidance Maintain current system information in CFACTS (e.g., POCs, artifacts) to support organizational requirements, IS2P2 and processes (e.g., communication, contingency planning, training, data calls) Coordinate with the Business Owner, ISO, and CISO to ensure that all requirements specified by the ARS and the RMH are implemented and enforced for applicable information and information systems. Ensure anomalies identified under the CMS Continuous Diagnostics and Mitigation (CDM) program and ISCM activities are addressed and remediated in a manner that is commensurate with the risks posed to the system from the anomalies Evaluate the impact of network and system changes using RMH processes Develop and review security and privacy artifacts and required activities through all phases of the Expedited Life Cycle in accordance with the CMS IS2P2 for ISSOs Specific Skills Required 7+ years of professional experience developing and implementing information securityassurance programs, policies, processes, and procedures per various security frameworkslawsstandardsdirectives, e.g. FISMA OMB directives Presidential Directives NIST (SP-800 series FIPS) HIPAA of 1996 Privacy Act Comprehensive knowledge of the FISMA, HIPAA laws and Privacy Act of 1974 In-depth knowledge of the NIST SP 800 series documents, especially 800-34, 37,39 47, 53, 53A, 60, 63, 64, 137 and FIPS 140, 199, 200 and 201 In-depth knowledge of the 800-53 security control requirements and standard methods for implementing them Practical knowledge of IT System contingency planning Understanding of risk assessment and risk management concepts Good understanding of continuous monitoring and continuous authorization concepts Good understanding of protection of PII and PIA concepts Expert use of MS Office, especially Word, PowerPoint and Outlook Good ability to articulate technical concepts, especially in the review process Knowledge of the CMS Security Library and the various security artifact templates and related implementation procedures, a plus We are proud to offer a robust benefits package including medical, dental, vision, 401(k) retirement plan, employee stock ownership plan, disability insurance, flexible spending accounts and more in order for our employees to maintain a secure worklife balance. ASSYST is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, disability, military status, national origin or any other characteristic protected under federal, state, or applicable local law.

Don't Be Fooled

The fraudster will send a check to the victim who has accepted a job. The check can be for multiple reasons such as signing bonus, supplies, etc. The victim will be instructed to deposit the check and use the money for any of these reasons and then instructed to send the remaining funds to the fraudster. The check will bounce and the victim is left responsible.