System Compliance Lead
gTANGIBLE Corporation (gTC), www.gtangible.com, is a C corporation and a registered Government contractor that provides services and solutions in:
- National Security Programs
- Professional, Administrative, and Management Support
- Mission and Warfighter Support
We are a Service Disabled Veteran Owned Small Business (SDVOSB) and the founder has years of successful experience in the Government contracting arena. Our leadership team is an exceptional group of Government contracting professionals. gTANGIBLE is in the process of identifying candidates for the following position.
Requisition Type: Full Time
Position Status: Contingent
Position Title: System Compliance Lead
Location: Washington, DC
Duties and Responsibilities
The System Compliance Lead will oversee compliance monitoring to assist TSA in completing National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) step 6 for all of TSA systems. Duties include the following:
- Execute day to day Federal Information Security Management Act (FISMA) compliance monitoring, ensuring that all FISMA activities, including Continuous Diagnostic and Mitigation (CDM) program activities, are prioritized correctly, completed on schedule, and are in accordance with DHS and TSA policies:
- Research major obstacles related to the ever-changing DHS FISMA requirements, which TSA will need to overcome on a weekly, monthly, and yearly basis
- Track whether TSA information systems have mitigated their weaknesses on time using the appropriate processes, Authority to Operate (ATO) expirations, OA, Information Security Vulnerability Management (ISVM) compliance, DHS Performance Plan requirements, systems meeting DHS Scorecard requirements, audit efforts, and CDM support efforts
- Track that mandated FISMA activities are being executed according to the DHS Information Security Performance Plan for each fiscal year.
- Provide compliance monitoring metrics and reporting to Information Assurance and Cybersecurity Division (IAD) leadership, System Owners and Information System Security Officers (ISSO):
- Assist in completing TSA Management Control Objectives Program (MCOP) reporting requirements
- Review DHS Scorecard and generate Get to Green reports for IAD management and system ISSOs. Conduct meetings with system owners and ISSOs with the goal to improve system scores within the DHS Scorecard
- Manage ISVM alerts and bulletins for TSA to include tracking, distributing, and providing reports
- Create dashboards, tracking, and monitoring tools as required for, but not limited to the following items: High Valued Assets, ISVMs, POA&Ms, system scores
- Track and respond to cybersecurity related Data Calls, Audits, and DHS Queries.
- Create Governance, Risk, and Compliance (GRC) presentations for monthly ISSO training.
- Manage the GRC iShare (SharePoint) sites to include document uploads, page updates, access requests, permissions, etc. on an ongoing basis.
- Create or update existing templates for Memos, Risk Assessments, Disposal Packages, etc. to standardize and simplify the process.
- Provide recommendations for refining and/or improving existing RMF processes and procedures and support implementation of these changes.
Knowledge and Qualifications
- A minimum of 10 years of IT cybersecurity experience including direct support for the US Government and 7 years acting as an ISSO, assessor, or compliance analyst for enterprise IT systems OR a relevant Master's Degree in IT, Computer Science, or Engineering and 7 years' of IT cybersecurity experience including direct support for the US Government and 5 years acting as an ISSO, assessor, or compliance analyst
- At least one of the following security certifications: Certified Authorization Professional (CAP), Certified Information Systems Security Officer (CISSO), Certified Information Security Manager (CISM), or Certified Information Systems Security Professional (CISSP)
- Knowledge of NIST Guidelines and FISMA Cybersecurity compliance requirements
- Technical knowledge of complex enterprise IT systems
- Knowledge of and experience using relevant cybersecurity and analysis tools such as Archer, Nessus Security Center, Splunk, etc.
- Experience communicating effectively, both oral and written, with technical, non-technical, and executive-level customers.
gTANGIBLE Corporation is an equal opportunity employer and does not discriminate against any employee or applicant because of race, age, sex, color, physical or mental disability, religion, sexual orientation, marital status, national origin, or political affiliation.