Lead Analyst - ISSO - Maximus
Bangor, ME 04401
About the Job
Since 1975, Maximus has operated under its founding mission of Helping Government Serve the People, enabling citizens around the globe to successfully engage with their governments at all levels and across a variety of health and human services programs. Maximus delivers innovative business process management and technology solutions that contribute to improved outcomes for citizens and higher levels of productivity, accuracy, accountability and efficiency of government-sponsored programs. With more than 30,000 employees worldwide, Maximus is a proud partner to government agencies in the United States, Australia, Canada, Saudi Arabia, Singapore and the United Kingdom. For more information, visit https://www.maximus.com .
The Information Systems Security Officer supports and sustains the client's cybersecurity program; provides cybersecurity management for operational performance and compliance for all networks, systems and applications, provides centralized management of Security Assessments (SA), ongoing assessments, new authorizations, proposes information security technical and administrative solutions, develops and executes plans for monitoring and assessing networks, systems and applications, supports sustainment of the Risk Management Framework (RMF) Assessment and Authorization (A&A) process and cloud application onboarding.
The Information Systems Security Officer (ISSO) for Federal Services will work directly with the Business Information Security Officer (BISO) supporting the Maximus Federal Services business segment to align all technologies, policies, standards, and procedures that support federal customers with federal requirements, including FISMA, applicable FAR and DFAR Clauses, Executive Orders, and OMB's. The primary role of the ISSO will be the creation, management, and administration of a System Security Plan (SSP) to include all required artifacts needed to obtain a CMMC certification and to maintain compliance with NIST 800-53 and associated NIST 800 series publications. The ISSO will be responsible for continuous monitoring of the technology environment supporting federal customers and will be the subject matter specialist for control management and the establishment of Inheritance which will be used to support existing and future federal projects to include the DoD.
Additional Requirements as per contract/client:
Candidates must be a US Citizen
Essential Duties and Responsibilities:
-Responsible for ensuring information security for an assigned area of Business / Project focusing on key areas of risk, outlined in the Information Security policy, under the direction of the Information Security management team.
- Conduct Information Security risk assessments and compliance evaluations for infrastructure and application assets within required timeframes and to industry standards and regulatory specifications.
- Ensure controls implementation for identified Information Security risks for business area of responsibility.
- Define, create and maintain the documentation for certification and accreditation of each information system in accordance with regulatory requirements.
- Support audit and client engagements, coordinate the collection, review and submission of Information Security deliverables and coordinate the remediation of audit concerns.
- Manage expectations with multiple stakeholders on projects and programs in conjunction with the Information Security team.
- Promotion of Information Security awareness through various communication channels within the organization.
- Collaborate with the Information Security team members on process improvements, secure design and recertification of MAXIMUS assets.
- Travel required up to 25%.
- Other duties as assigned.
Project Responsibilities
- Create and manage System Security Plan and creation and/or validation of all associated artifacts required to obtain CMMC Level 2 certification and NIST 800-53 compliance, including a System Level Continuous Monitoring (SLCM) Strategy, hardware/software lists, Information Flow Diagrams, System Categorization Forms, System Topologies, Configuration Management Plan, Configuration Control Board (CCB) Charter, System and Services Acquisition Plan, System and Information Integrity Plan, System and Communication Protection Plan, Security Assessment and Authorization Plan, Risk Assessment Plan, Program Management Plan, Security Planning, Physical and Environmental Protection Plan, Personnel Security Plan, Media Protection Plan, Identification and Authentication Plan, Contingency Plan, Audit and Accountability Plan, Security Awareness and Training Plan, Incident Response Plan, Access Control Plan, Risk Assessment Review (RAR) and Plan of Action and Milestone (POA&M). (50%)
- Liaison with Federal Services business segment, corporate business units, and external stakeholders to ensure all legal and contractual requirements pertaining to cybersecurity, physical security, and Information Assurance are being met. (20%)
- Communicate federal requirements to other Maximus Information Security Office (ISO) teams and advise implementation of applicable security controls and hardening standards to governance and technical teams. (10%)
- Assist the BISO and ISO in the identification and assignment of control owners throughout the organization and continually review controls on organizationally defined periodicities. (10%)
- Actively collaborate with ISO Threat & Vulnerability Management to ensure applicable technologies are compliant with defined vulnerability remediation timelines and hardening standards via enterprise vulnerability management tools. (10%)
Minimum Requirements
Minimum Qualifications:
- Bachelor's Degree
- 7+ of security or technology related experience
- Works on complex issues where analysis of situations or data requires an in depth evaluation of variable factors.
- Exercises judgement in selecting methods, techniques, and evaluation criteria for obtaining results.
- Networks with key contacts outside own area of expertise.
- Develops solutions to a variety of complex problems.
- Work requires considerable judgment and initiative.
- Ability to communicate technical information in understandable business terms
- Excellent interpersonal skills, presentation skills, and verbal / written communication skills
- Strong customer service abilities required.
- Ability to work collaboratively with a broad range of staff. Skilled in Microsoft Office software including Word, Excel, Visio, MS Project, and PowerPoint
- Ability to perform comfortably in a fast-paced, deadline-oriented work environment
- Ability to execute many complex tasks simultaneously, and work as a team member as well as independently
Project Requirements
- Bachelor's Degree in Computer Science or related field or the equivalent combination of education, training, or work experience.
- 7+ of security or technology related experience.
- Strong understanding of federal and DoD requirements to include but not limited to applicable Executive Orders, FISMA, FIPS, CMMC, NIST 800-171, NIST 800-53, NIST 800-60, NIST 800-65, SCRM, FedRAMP, DODI 8500s, 8500.2s, and 8510s.
- Experience with Governance, Risk & Compliance (GRC) tools (eMASS, CFACTS, CSAM).
- Experience developing SSP's and applicable artifacts required for A&A activities.
- Experience with Security Technical Implementation Guide (STIG) compliance.
- Experience with vulnerability management and assessment via Qualys and Tenable.
EEO Statement
Active military service members, their spouses, and veteran candidates often embody the core competencies Maximus deems essential, and bring a resiliency and dependability that greatly enhances our workforce. We recognize your unique skills and experiences, and want to provide you with a career path that allows you to continue making a difference for our country. We're proud of our connections to organizations dedicated to serving veterans and their families. If you are transitioning from military to civilian life, have prior service, are a retired veteran or a member of the National Guard or Reserves, or a spouse of an active military service member, we have challenging and rewarding career opportunities available for you. A committed and diverse workforce is our most important resource. Maximus is an Affirmative Action/Equal Opportunity Employer. Maximus provides equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status or disabled status.
Pay Transparency
Maximus compensation is based on various factors including but not limited to job location, a candidate's education, training, experience, expected quality and quantity of work, required travel (if any), external market and internal value analysis including seniority and merit systems, as well as internal pay alignment. Annual salary is just one component of Maximus's total compensation package. Other rewards may include short- and long-term incentives as well as program-specific awards. Additionally, Maximus provides a variety of benefits to employees, including health insurance coverage, life and disability insurance, a retirement savings plan, paid holidays and paid time off. Compensation ranges may differ based on contract value but will be commensurate with job duties and relevant work experience. An applicant's salary history will not be used in determining compensation. Maximus will comply with regulatory minimum wage rates and exempt salary thresholds in all instances.