Information Security Specialist Senior (20-035)

Location: Washington D.C.

Security Clearance Eligibility: Top Secret

Duties and Responsibilities:

The successful candidate will provide support required to effectively research, develop, implement, test and review information security policies, practices, and procedures in order to protect information and prevent unauthorized access. The Information Security Specialist will inform our customer about security measures and explain potential threats. You will define, create and maintain the documentation for certification and accreditation of each information system in accordance with government or regulatory requirements. You will also assess the impacts on security for all system modifications and technological advances. Additionally, you will be required to review systems in order to identify potential security weaknesses, recommend and implement improvements to mitigate vulnerabilities and update corresponding documentation as necessary.

• Employs the National Institute of Standards and Technology (NIST) Cybersecurity Framework [NIST CSF] to align with the RMF risk management processes

• Coordinate and facilitate a system’s Authorization to Operate (ATO) by drafting security and risk assessment reports, recommend Plans of Action and Milestones (POA&M) and/or Risk Based Decisions for the system’s Authorizing Official via executive-level briefings

• Develop cybersecurity policies, processes and procedures that support the implementation of NIST Special Publication (SP) 800-53 controls (specifically related to Governance, Risk, and Compliance) as well as other relevant NIST information security publications

• Recommend and implement process improvements as necessary to facilitate team and stakeholder collaboration and improve cyber security operations

• Conducts organization-wide identification of common controls and the development of organizationally tailored control baselines, reducing the workload on individual system owners and the cost of system development and asset protection

• Provide training and examples to technical teams to illustrate information security best practices and/or proper cyber-hygiene

• Focuses business drivers to guide cybersecurity activities and consider cybersecurity risks as part of the organization’s risk management processes

• Supports the integration of privacy risk management processes into the RMF to better support the client’s privacy protection needs

Qualifications:

• US Citizen

• Active Top-Secret clearance

• Bachelor's degree in cyber security, information technology or related field;

• 8+ years of experience in information security;

• 3+ years of experience with NIST 800-53;

• Certified Authorization Professional (CAP), CISSP – Information Systems Security Management Professional (ISSMP), Certified Cloud Security Professional (CCSP), or Certified Information Security Auditor (CISA)

1 Source in accordance with applicable law, does not discriminate in hiring or otherwise in employment on the basis of race, color, religion, sex, national origin, age, marital or veteran status, disability, sexual orientation, or any other legally protected status.

1 Source is an Equal Opportunity Employer and strives for diversity. Careers with 1 Source feature excellent growth, very competitive health and welfare benefits, and 401(k) program with a Company match.