Elegant Enterprise - Wide Solutions, Inc

Perform security assessments of CLIENT general support systems, major and minor applications based on all applicable and current NIST, NIH, HHS, FISMA, and OMB regulations and policies.. Utilize SIEM tools: Nessus/Tenable, Appscan, BigFix, JAMF, Cylance, CyberArk, and others. Review and update security summary report and makes corrections prior to submission to the Department of Health and Human Services (DHHS).. Biomedical Research Center (BRC) at 251 Bayview Boulevard, Baltimore, MD;. Harbor Hospital at 3001 S Hanover St, Baltimore, MD;

information system security officer

Information System Security Office Responsible for assuring all systems, components and services supported by ITB for CLIENT are in compliance with federal security polices, processes, and procedures. Work in collaboration with the CLIENT IT security team to complete all Authority To Operate (ATO) activities, including implementing security assessments and authorizations (SA&A) of CLIENT systems, and ensuring that the processes for CLIENT systems continue to occur at the required intervals, or whenever major changes are implemented. Perform Oversight and Compliance Verification Assessment and Continuous Monitoring, Contingency Plan Development and Evaluation, Vulnerability Scanning and Auditing, and Security Program Assessment Support. Provide recommendations for improving security processes and procedures, analyze existing IT security processes and procedures within the CLIENT to meet new IT security requirements. <ul><li> Perform security assessments of CLIENT general support systems, major and minor applications based on all applicable and current NIST, NIH, HHS, FISMA, and OMB regulations and policies.</li><li> Produce, updates and reviews security assessment report, security assessment plan, risk assessment, test plans, system security plan, contingency plan, and Security Control Assessment (SCA) testing report.</li><li> Document assessment activities and results in sufficient detail to enable external review of all findings, processes, activities, results and resolutions.</li><li> Provide guidance and recommendations for corrective action of all non-compliant security controls.</li><li> Develop, modify and run automation scripts using tools such as Microsoft PowerShell</li><li> Use NIH Security Authorization Tool (NSAT) security assessment reporting tool</li><li> Utilize SIEM tools: Nessus/Tenable, Appscan, BigFix, JAMF, Cylance, CyberArk, and others</li><li> Report critical vulnerabilities that need remediation to systems administrators and to ISSO.</li><li> Provide security expertise to ensure security controls are implemented and the resulting documentation is current.</li><li> Conduct security testing and develops assessment of local area network and components to ensure compliance with current security guidelines and requirements.</li><li> Create and manages Plan of Action and Milestones (POA&M) and communication to system owners, system ISSOs, and authorizing officials.</li><li> Develop and revises as needed all required system and application security documentation including: System Security Plans (SSPs), Rules of Behavior, Risk Assessments.</li><li> Create and document Risk Acceptance Memos for risks identified and accepted.</li><li> Review, updates, and enter system inventories in security system.</li><li> Serve as a subject matter expert on network continuous monitoring tools implementation across CLIENT. Recommend solutions and implement as needed to support vulnerability remediation for Windows, Mac, Linux and other operating systems.</li><li> Determine appropriate response to vulnerabilities and implement resolutions that do not impact the environment. Troubleshoot any issues based on implementing recommended vulnerability resolution recommendations.</li><li> Serve as a subject matter expert on the network continuous monitoring tools implementation across CLIENT.</li><li> Recommend solutions to support vulnerability remediation for Windows, Mac, Linux and other operating systems.</li><li> Update all draft policies, procedures, and standards or identify non-existing policies, procedures and standards. as needed and at the recommendation of the Contracting Officer Representative (COR) and ITB Leadership,</li><li> Provide technical guidance and monitor application of security policies in the operational functions of administering and maintaining Windows Servers, Network Components, Desktop Administration, and day to day operation of CLIENT infrastructure.</li><li> Contractor shall provide recommendations regarding the CLIENT in requirements analyses to establish a comprehensive plan for managing information resources in a manner that supports and promotes the fulfillment of the CLIENT mission and programs.</li><li> Provide a weekly written report outlining the accomplishments completed, planned accomplishments, potential risks and recommendations that will help enhance the current operations of the day to day operations.</li><li> Work closely with the CLIENT staff to evaluate and provide recommendations to the COR and ITB Leadership regarding emerging technologies that could change the way that HHS, NIH, or CLIENT conducts business internally, or how CLIENT interacts with industry/partners.</li><li> Develop recommendations for incorporating the technology into the strategic plan, technical architecture, and capital planning process in order for CLIENT to remain current with the marketplace and their internal and external users.</li><li> Deliver to the ISSO or designee a report including analysis and recommendations, guidance and strategies, and implementation support for each activity assigned under this task.</li><li> Report and adhere to the guidance provided by the CLIENT CIO and/or ISSO.</li><li> Act upon the request of the CLIENT CIO and/or ISSO as the ISSO backup and shall function as the CLIENT ISSO upon request.</li><li> Create applicable security documentation as needed to support SA&A activities.</li><li> Review, update, and create Privacy Impact Assessments on a yearly basis or as required by federal laws.</li><li> Assist with preparation and coordination of contingency plan testing for GSSs and applications.</li><li> Assist with exercise and/or documentation of IT COOP, Disaster Recovery, and other contingency documents or plans.</li><li> Review and update security summary report and makes corrections prior to submission to the Department of Health and Human Services (DHHS).</li><li> Prepare quarterly security awareness article for the CLIENT Newsletter.</li><li> Validate compliance of the CLIENT IT Security Program throughout CLIENT facilities located at:</li><li> Gateway (GTW) building at 7201 Wisconsin Avenue, Bethesda, MD;</li><li> Building 31 on the NIH main campus at 9000 Rockville Pike, Bethesda, MD;</li><li> Biomedical Research Center (BRC) at 251 Bayview Boulevard, Baltimore, MD;</li><li> Harbor Hospital at 3001 S Hanover St, Baltimore, MD;</li><li> Laboratory of Neurogenetics located in Porter building NIH main campus.</li><li> Laboratory of Genetics and Genomics (LGG) located in Building 37 on the NIH Main Campus;</li><li> Fishers Lane building at 5601 Fishers Ln, Rockville, MD;</li></ul>

START NEW SEARCH