System Security Compliance Officer Sr- MINI TEAM CAPTAIN

Job Description

Job Description

System Security ComPLIANCE OFFICER SR MINI TEAM CAPTAIN

MILITARY FRIENDLY & PREFERRED - HOH SPONSOR

Zermount Inc. is seeking a Senior Compliance Officer Mini Team Captain who will perform complex risk analyses and ensure systems and technologies satisfy Information Assurance (IA) and Cybersecurity requirements, based on federal requirements, laws, mandates, policies, procedures, standards, and guidelines (e.g., EOs, OMB, BODs, NIST, and agency specific requirements). The Compliance Officer will provide Plan of Actions and Milestones (POA&M) management, conduct FISMA Compliance meetings, and work with Information Systems Security Officers (ISSO), System Owners (SO), stakeholders, and leadership to meet performance and scorecard metrics. The Compliance Officer will conduct regular (e.g., daily, weekly, monthly) system security compliance meetings for assigned systems of responsibility, provide feedback and recommended mitigations to ensure systems meet the minimum requirements and security posture. Support customer at the highest levels to ensure the implementation of doctrine and policies.

Duties & Responsibilities :

The Senior Compliance Officer Mini Team Captain will provide the following support and services :

• Perform Compliance reviews and analyses to verify compliance with federal requirements (e.g., EO, OMB Memos, A-130, NIST SP 800-37, 800-53, FIPS199, and FIPS-200, etc.).
• Perform analyses of security implementations for assigned systems pertaining to people, processes, and technologies, identify gaps and recommend solutions.
• Conduct daily, weekly, monthly compliance monitoring of assigned systems for all RMF steps.
• Conduct compliance assessments of assigned systems, based on the Zermount approved Compliance Support Services Framework.
• Execute day to day FISMA compliance monitoring, ensuring that all FISMA activities, including Information Security Continuous Monitoring (ISCM), Continuous Diagnostic and Mitigation (CDM), and FISMA program activities assigned are prioritized correctly, completed on schedule, and are in accordance with Agency and organizations policies.
• Research major obstacles related to the ever-changing FISMA requirements, which customers will need to overcome and provide recommendations.
• Track system ATO status, security documentation expirations (Contingency Plan, Contingency Plan Test, Configuration Management Plans, Incident Response Plans, etc.) Information Security Vulnerability Management (ISVM) compliance, DHS Performance Plan requirements, audit efforts, and CDM support efforts.
• Conduct analysis of system level POA&Ms and provide guidance and recommendations on potential mitigation to close current or delayed POA&Ms.
• Track and report on whether assigned systems have mitigated their weaknesses on time using the appropriate processes and reporting timelines.
• Track and report on whether mandated FISMA activities are being executed in accordance with the current DHS Information Security Performance Plan (ISPP) for the fiscal year.
• Provide compliance monitoring metrics and reporting to Agency leadership.
• Review the DHS Scorecard, for each assigned system, conduct analysis, and generate "Get to Green" reports.
• Conduct Get-to-green meetings with SOs and ISSOs, provide status, deficiencies, recommendations, and document action items with estimated completion dates (ECDs) with the goal of improving system scores within the DHS Scorecard.
• Manage ISVM alerts and bulletins for TSA systems to include tracking, distributing, and providing reports.
• Support systems of responsibility to ensure all ISCM and CDM requirements are met and mitigations for failing requirements are identified and discussed to ensure a plan is established to meet all requirements defined. Provide monthly reports with action items for stakeholders and leadership.
• Create briefings and reports, as required for, but not limited to the following items : high valued assets, ISVMs, POA&Ms, system scores (FISMA & ISCM).
• Provide input into the GRC presentations for monthly ISSO Townhall training, as required by management or the Communications & Training Team Lead.
• Provide updates and input to the GRC SharePoint sites to include document uploads, page updates, access requests, permissions, etc. on an ongoing basis.
• Create or update existing templates for memos, risk assessments, disposal packages, to standardize and simplify the process.
• Conduct system compliance assessment to identify progress on ATO conditions, develop extension packages as required annotating analysis of system data / progress.
• Conduct POA&M management activities, to include processing, reviewing, verifying, and validating creation and closures.
• Report on expiring and overdue POA&Ms and ensure compliance with all DHS POA&M metrics and requirements as outlined in agency policy and the DHS ISPP.
• Review waiver and risk acceptance requests for compliance with the Agency's Policies and Procedures.
• Provide Quality Reviews of security documentation to ensure accuracy and compliance throughout the RMF process.
• Support systems of responsibility to ensure all Ongoing Authorization (OA), requirements are met, and any deficiencies are identified and tracked. Monitor activities and ensure all deficiencies exceeding 30 days are identified as requiring a POA&M.
• Assist with conducting review and analysis of Requests for Change (RFC) and providing recommendations to conduct risk assessment (as applicable) based on the change and / or Security Impact Assessment (SIA).
• Support Security Control Assessors (SCAs) as required for assigned systems.
• Provide input and assist with all audits, data calls, and queries relating to assigned systems.
• Stay current with the latest developments in cybersecurity, information assurance, GRC, and related cybersecurity trends.
• Create or update existing templates such as memos, risk assessments, disposal packages, to standardize and simplify GRC processes.
• Assist in completing customer's Management Control Objectives Program (MCOP) reporting requirements.
• Provide Weekly status reporting to leadership
• Assist and support other team members as required by the Program Manager.
• Provide Leadership and Mentoring 2-3 compliance officers

Qualifications :

Education and / or Experience :

Certifications :

Clearance level :

Work Location :

Hours of Operation :