Information Security Expert in Washington, DC at Booz Allen Hamilton Inc.

Date Posted: 7/12/2018

Job Description

Job Number: R0032418

Information Security Expert

Key Role:

Work as part of a small team that carries out and assists the client with meeting its FISMA and FedRAMP mission and obligations. Develop and maintain numerous agency-specific security policies and procedures; maintain training and outreach resources, including Web sites, templates, and wiki pages; maintain a central FISMA inventory in ServiceNow using NCI's custom inventory applet; assist the ISSO and CIO with responding to FISMA-related data calls; assist users and system owners to better comprehend and carry out their FISMA duties; ensure quality and consistency of submitted FISMA artifacts and packages; manage submitted FISMA packages for contractor and third-party hosted applications; assess risk; and develop risk policy waivers, as needed.

Plan and carry out contingency planning training and exercises for the client's general support system, including the CBIIT managed network, hosting platforms and supporting services, security tools, and infrastructure at least annually.

Develop FISMA-related training courses and deliver them using classroom, online, and remote formats as directed by the ISSO and as warranted by the intended audience. Work with the client's communications team to develop standardized training materials and publicize training events. Assist the client's customers with the software development life cycle (SDLC) and security controls integration to ensure adequate understanding of the RMF.

Support the client's 3 agency-sponsored FedRAMP packages by helping to lead coordinated reviews using the FedRAMP ConOps guide and the HHS Cloud security ConOps guide and managing continuous monitoring of NCI authorized Cloud Service Offerings (CSO).

Basic Qualifications:

- 8+ years of experience with information security

- Experience with and the application of the NIST Risk Management Framework (RMF)

- Experience with security policy and procedure development and maintenance

- Experience with contingency planning, disaster recovery planning, and business continuity planning

- Knowledge of FedRAMP, including the Cloud service offering authorization process

- Ability to develop and provide security-related training and information resources on FISMA-related topics, including overview, application, SDLC integration, and workshops on RMF phases

- Ability to obtain a security clearance

Additional Qualifications:

- Experience with delivering in classroom and remote formats in WebEx for instructor-led training

- Experience with NIH SA&A processes, standards, and policy

- Experience with using NIH's NSAT and TAFISMA or RSA Archer

- BA or BS degree

- CISSP, CCSP, CAP, Security+, or a related certification

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status—to fearlessly drive change.
