Lead Analyst - ISSO
The Maximus Lead Analyst (ISSO) will work directly with the Maximus ISO Federal Director to identify and manage implementation of security policies, standards, and procedures that support customers with federal requirements to include FISMA, applicable FAR Clauses, Executive Orders, and OMB’s specific to systems assigned. The primary role of the ISSO will be the oversight of implementation of FedRAMP Moderate controls for Maximus FedRAMP systems and the management, and administration of a System Security Plan (SSP) to include all required artifacts needed for ATO continuous monitoring in accordance with agency specific and contractual requirements. This role will support the primary ISSO for Maximus Cloud.
*Position is contingent upon contract award* This is a fully remote role.Must have the ability to pass a federal background check.Equipment will be provided but must meet the remote position requirement provided below:Remote Position Requirements:- Hardwired internet (ethernet) connection- Internet download speed of 25mbps and 5mbps (10 preferred) upload or higher required (you can test this by going to www.speedtest.net)- Private work area and adequate power source
Essential Duties and Responsibilities: - Responsible for ensuring information security for an assigned area of Business/Project focusing on key areas of risk, as outlined in the Information Security policy, under the direction of the Information Security management team. - Conduct Information Security risk assessments and compliance evaluations for infrastructure and application assets within required timeframes and to industry standards and regulatory specifications. - Ensure controls are properly and fully implemented to address identified Information Security risks for assigned area of responsibility. - Define, create and maintain the documentation for certification and accreditation of each information system in accordance with regulatory requirements. - Lead and support audits and client reviews of security posture; coordinate the collection, review and submission of Information Security deliverables and track the remediation of audit findings and exceptions. - Manage expectations with multiple stakeholders on projects and programs in conjunction with the Information Security team. - Promotion of Information Security awareness through various communication channels within the organization. - Collaborate with the Information Security team members on process improvements, secure design and recertification of MAXIMUS assets.
- Create and manage System Security Plan and creation and or validation of all associated artifacts required to maintain FedRAMP ATO and NIST 800-53 compliance to include but not limited to a System Level Continuous Monitoring (SLCM) Strategy, HW/SW lists, Information Flow Diagrams, System Categorization Forms, System Topologies, Configuration Management Plan, Configuration Control Board (CCB) Charter, System and Services Acquisition Plan, System and Information Integrity Plan, System and Communication Protection Plan, Security Assessment and Authorization Plan, Risk Assessment Plan, Program Management Plan, Security Planning, Physical and Environmental Protection Plan, Personnel Security Plan, Media Protection Plan, Identification and Authentication Plan, Contingency Plan, Audit and Accountability Plan, Security Awareness and Training Plan, Incident Response Plan, Access Control Plan, SCRM Plan, Risk Assessment Review (RAR) and Plan of Action and Milestone (POA&M). (50%) - Liaison with Maximus Federal business units, Maximus Corporate business units, system owner, and external stakeholders to ensure all legal and contractual requirements pertaining to cybersecurity, physical security, and Information Assurance are being met. (20%) -Communicate federal requirements to Maximus Information Security Office (ISO) and advise implementation of applicable security controls and hardening standards to governance and technical teams. (10%) - Assist the BISO and ISO Team in the identification and assignment of control owners throughout the organization and continually review controls on organizationally defined periodicities. (10%) - Actively collaborate with Maximus Threat and Vulnerability Management (TVM) Team to ensure applicable technologies are compliant with defined vulnerability remediation timelines and hardening standards via enterprise vulnerability management tools. (10%)
Minimum Requirements
- Please refer to the additional information section of the job requisition for this opening to determine clearance eligibility required. - Bachelor’s degree and 7+ years of relevant professional experience required, or equivalent combination of education and experience.
- Bachelor’s Degree in Computer Science or related field or the equivalent combination of education, training, or work experience. - 7+ of security or technology related experience. - GSA RMF and A&A Experience desired - Strong understanding of federal requirements to include but not limited to applicable Executive Orders, FedRAMP, FISMA, FIPS, NIST 800-53, NIST 800-60, and NIST 800-65. - Experience developing SSP’s and applicable artifacts required for A&A activities. - Experience with STIG compliance. - Experience with vulnerability management and assessment via Qualys, Tenable, Acunetix, and AWS Inspector. - Works on complex issues where analysis of situations or data requires an in-depth evaluation of variable factors. - Exercises judgement in selecting methods, techniques, and evaluation criteria for obtaining results. - Networks with key contacts outside own area of expertise. - Develops solutions to a variety of complex problems. - Work requires considerable judgment and initiative. - Ability to communicate technical information in understandable business terms. - Excellent interpersonal skills, presentation skills, and verbal / written communication skills. - Strong customer service abilities required. - Ability to work collaboratively with a broad range of staff. - Skilled in Microsoft Office software including Word, Excel, and PowerPoint. - Ability to perform comfortably in a fast-paced, deadline-oriented work environment. - Ability to execute many complex tasks simultaneously, and work as a team member as well as independently.
EEO Statement
Maximus is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, age, national origin, disability, veteran status, genetic information and other legally protected characteristics.
Pay Transparency
Maximus compensation is based on various factors including but not limited to job location, a candidate's education, training, experience, expected quality and quantity of work, required travel (if any), external market and internal value analysis including seniority and merit systems, as well as internal pay alignment. Annual salary is just one component of Maximus's total compensation package. Other rewards may include short- and long-term incentives as well as program-specific awards. Additionally, Maximus provides a variety of benefits to employees, including health insurance coverage, life and disability insurance, a retirement savings plan, paid holidays and paid time off. Compensation ranges may differ based on contract value but will be commensurate with job duties and relevant work experience. An applicant's salary history will not be used in determining compensation. Maximus will comply with regulatory minimum wage rates and exempt salary thresholds in all instances.
Accommodations Maximus provides reasonable accommodations to individuals requiring assistance during any phase of the employment process due to a disability, medical condition, or physical or mental impairment. If you require assistance at any stage of the employment process—including accessing job postings, completing assessments, or participating in interviews,—please contact People Operations at applicantaccom@maximus.com.
|
