Raleigh-Durham-Chapel Hill, North Carolina, USA
Provide the following Security Certification and Accreditation Support:
a. Provide Information Technology Security Certification and Accreditation (C&A) guidance.
b. Facilitate initial briefings and subsequent meetings of the C&A core team.
c. Coordinate the completion of a BIA for each information resource.
d. Work with the Privacy Office on privacy-related requirements.
e. Recommend security requirements to executive sponsors and portfolio managers during the BIA process based on generally accepted industry practices, the operating environment [e.g., hosted in the de-militarized zone (DMZ)], and the risks associated with the information resource.
f. Provide guidance on how information resources are vulnerable to threats, what controls and countermeasures may be appropriate, and the C&A process.
g. Review and evaluate C&A documentation, including the BIA, Risk Assessment, Security Plan, Security Test and Evaluation (ST&E) plan and report, and independent reviews of the information resource.
h. Prepare the C&A Evaluation Report.
i. Escalate security concerns or forward the C&A Evaluation Report and supporting C&A documentation package to the certifier.
j. Work with the ISSO to complete C&A artifacts and send the other required artifacts (e.g., TAD and security specifications for procurements) to the ISSO.
Security Support Skills Required:
A thorough understanding of the Information Resource Security Certification and Accreditation (C&A) processes
Managed the end-to-end C&A process for Business Applications and Infrastructure Systems
Knowledge and experience with managing Payment Card Industry (PCI) applications through the C&A process
1. Holds one or more of the following credentials:
a. Certified Information Systems Security Professional (CISSP) - Desirable
b. Certified Authorization Professional (CAP) - Desirable
c. Certified Secure Software Lifecycle Professional (CSSLP) - Desirable
2. Has direct experience with any of the following Certification and Accreditation (C&A) programs/processes listed below or a comparable program as an Information Systems Security Officer (ISSO), Information Systems Security Representative (ISSR), application software developer, or database administrator:
a. National Information Assurance Certification and Accreditation Process (NIACAP) - Desirable
b. Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP) - Desirable
c. Systems Security Certification and Accreditation (C&A) within the Defense Logistics Agency (DLA) for Defense-in-Depth - Desirable
d. Certification and Accreditation Process for Certifiers—Defense Information Systems Agency (DISA) - Desirable
3. Has familiarity with the following information security functional areas:
a. Government and industry best practices - Mandatory
b. Assessment of sensitivity and criticality - Mandatory
c. Configuration and change control - Mandatory
d. Risk assessment methodology - Mandatory
e. Secure software development - Desirable
f. Security code review standards - Desirable
g. Business continuity management - Mandatory
h. Hardware security - Desirable
i. Software security - Mandatory
j. Network security - Desirable
k. Perimeter protection - Desirable
l. Connectivity management - Desirable
m. Remote access management - Desirable
n. Ongoing testing of controls - Mandatory
o. Secure enclaves - Desirable
p. Virus and malicious code protection - Desirable
q. Intrusion detection and prevention - Desirable
r. Penetration testing - Desirable
s. Vulnerability scans and audit - Desirable
t. Certification and accreditation (C&A) - Mandatory
u. Incident management - Mandatory
v. Monitoring - Mandatory
w. Compliance - Mandatory
x. Defense in depth - Mandatory
y. Encryption - Desirable
4. Has familiarity with the following NIST Special
Follow us on our BLOG to see more jobs like this: http://raleigh.vereduscorp.com/
Candidates work with a professional recruiter whose average experience is eight years in the industry. That means they have intimate knowledge of the Information Technology industry and market trends—who is in demand now and who will be next. Your Veredus Recruiter will lead you through a thorough screening process in order to understand your skills, experience, needs, and desires. They also counsel their candidates in resume writing, interviewing, and career planning so when there’s a position you really want, you’re fully prepared to get it. Additionally, Veredus provides the following benefits:
• Medical Benefits
• Consultant Lunches and Outings
• Dental Benefits
• Life Insurance ($20,000 benefit)
• ATOP-Accrued Time Off Program
• Consultant Web-Site
• Name Plates
• Care packages/Survival packs
• Dedicated Consulting Services Representative
Veredus was recently ranked as one of the “Best Staffing Firms to Work for 2011” in a survey by Staffing Industry Analysts.