Our client is a Government service oriented business enterprise headquartered in Columbia, Maryland. The company prides itself on its ability to strategically deliver information technology solutions to a diverse portfolio of Federal, State and Local Government customers. Our Client provides a variety of premier government-oriented web hosting, cyber security, information management and helpdesk services as a standard set of its service offerings.
They are currently seeking an Information Security Compliance Coordinator in Columbia, MD.
Performs information technology risk and compliance work. Provides coordination and oversight, guidance, expertise, and internal consultancy in Information Technology (IT) compliance through effective and efficient application of FISMA regulatory requirements. Ensures the organization is applying the appropriate amount of security controls as determined by company strategy and regulators. Works under minimal supervision, with considerable latitude in the use of initiative and independent judgement.
• Oversees and provides leadership and subject matter expertise to drive effective and efficient IT compliance with Federal Information Security Management Act (FISMA) and National Institute of Standards and Technology (NIST) 800-53 controls.
• Liaises, coordinates and engages with external and internal stakeholders on all IT audit and security assessment activities, and facilitates with all stakeholders the preparation and presentation of appropriate examination materials.
• Coordinates and supports the documentation preparation and ongoing maintenance of all IT audit, assessment, and plan of action materials.
• Provides internal consultative and partnership support to IT and other staff to develop secure processes and technology in compliance with FISMA and NIST 800-53 Revision 4.
• Facilitates IT security risk and exception management processes in accordance with company policies.
• Serves as the point of contact for compliance requirements, audit tracking, and remediation activities, and also as the intake recipient of risk management processes. Oversees and executes compliance processes to support and maintain FISMA accreditation for customer systems.
• Oversees the execution of compliance processes to support and maintain FISMA accreditation for customer systems.
• Promotes, sponsors, and recommends IT compliance processes, projects and programs to support and maintain company compliance with FISMA and other regulatory compliance frameworks as needed.
• Trains, coordinates, and evaluates personnel and work activities.
• Participates in special projects and performs other duties as assigned.
• Local travel to Baltimore-Washington DC, and long distance travel may occasionally be required.
REQUIRED SKILLS AND EXPERIENCE
• 3 years facilitating compliance with FISMA and NIST SP800 family of standards and guidelines or similar level of IT compliance framework
• 3 years IT audit program preparation, risk assessments, integrated audit approaches, and evaluation of internal controls
• GRC platforms experience, preferred
• Have or obtain a Professional Security certification, such as Security+, Network+, CISSP, CISA, CIA, SSCP, ISSMP within 1 year of employment
• Multitask and meet deadlines
• Exercise logic and reasoning to define problems, establish facts and draw valid conclusions
• Make decisions that support business objectives and goals
• Identify and resolve problems or refer issues appropriately
• Communicate effectively verbally and in writing
• Adapt to the needs of internal and external customers
• Show integrity and ethical behavior; respect confidentiality, business ethics and organizational standards
DESIRED SKILLS AND EXPERIENCE
• Program/project planning, development and management methodologies
• Federal Information Security requirements, standards, and guidelines such as NIST, FIPS, and FISMA
• Information security systems planning and support operations
• Business continuity planning, auditing, and risk management
• Basic understanding of LAN/WAN/Microsoft/Linux/Networking concepts and technologies
• Existing professional certification
• Bachelor's degree from an accredited college or university in business, computer science, accounting, finance, or related discipline
• Additional experience in IT audit program preparation, risk assessments, integrated audit approaches, and evaluation of internal controls or other related areas may be substituted for Bachelor's degree on a year per year basis. (Experience requirements may be satisfied by full-time experience or the prorated part-time equivalent.)
• Must be a US Citizen (clearable)
Our Client will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information.