Information System Security Officer
Current● Conduct third party risk assessments to assist in determining the Administration for Children and Families (ACF) ability to protect the confidentiality, integrity, and availability of sensitive data ● Provide security guidance and support to ACF on the FISMA and NIST process● Manage security documentation deliverables and lead the Assessment & Authorization (A&A) team alongside the government ISSO to provide Security Packages (FIPS 199, System Description, System Environment & Component Inventory, Related Laws, Regulations, and Policies, Rules of Behavior, Privacy Threshold Analysis, Continuous Monitoring Plan, Interconnection Agreements, Business Impact Analysis, Contingency Plan, Contingency Plan Test Plan & Results, Risk Assessment Report, Designation Letters, Security Authorization Letter, Incident Response Plan, Configuration Management Plan)● Interview System Administrators to assist in generating custom reports and/or artifacts in support of the A&A process● Develop monthly BOD 18-01 reports in order to ensure client systems are in compliance with DHS mandates● Develop, review and update required security documentation including but not limited to System Security Plans (SSPs), Contingency Plans (CP), Plan of Action and Milestones (POA&Ms), Security Assessment Reports (SAR)● Conduct gap analysis and document reviews of NIST policy documents, and updating protocols and procedures resulting from new guidance● Work closely with IT and development teams in order to design secure infrastructure solutions and applications, facilitating the implementation of protective and mitigating controls.● Create and manage POA&Ms for assigned systems while conducting quarterly POA&M follow up meetings with system Technical Leads and System Owners to determine what security controls have been implemented and to ensure the identified risks have been mitigated accordingly