Cognosante is on a mission to transform our country's healthcare and national security systems. With our health and security-focused solutions, we help public sector organizations achieve the important task of providing the best possible public services to American Citizens. From Enterprise IT, Data Science, and Security Services, to full-scale Consumer Engagement and Interoperability solutions, we are moving government services forward with transformation and innovation. Learn how we are making a difference in people's lives today!
Job Description
The Chief Security Officer is responsible for all activities related to achieving and maintaining authorization to operate (ATO) for information systems supporting the Social Security Administration (SSA) Ticket to Work Program (TPM) and federal government contracts, following NIST Risk Management Framework procedures and guidance mandated under FISMA. Key job duties include specifying and documenting security control requirements, supporting security control assessments, and working with development and implementation team members to ensure that all security requirements are adequately addressed. The Security Officer also identifies relevant security and privacy standards and regulations applicable to systems under development or in operation and helps ensure compliance with those standards and regulations.
Key Responsibilities
Analyze systems, data, and operating environments to determine appropriate security controls
Produce key authorization package documentation, including System Security Plans, Contingency Plans, Security Test Plans, Plans of Action and Milestones, Privacy Impact Assessments, and related artifacts
Review system architecture and system design documentation to identify security-relevant aspects of systems and solutions and accurately reflect that information in security documentation
Work closely with project team members to make sure that applicable security requirements are incorporated in systems and solutions deployed for the project
Participate in business, technical, and security reviews of the solution to explain selected security and privacy controls
Perform initial and ongoing risk assessments of the system
Prepare a System Security Plan (SSP) to document the implementation status of required security controls
Required Qualifications
Minimum 5 years relevant experience
Bachelor's Degree or equivalent experience
Strong technical knowledge of networks, operating systems, and n-tier applications
Experience performing risk management framework and system authorization tasks in a FISMA (i.e., federal government agency) setting
Familiarity with NIST standards and guidance including FIPS 199, FIPS 200, and the 800 series of Special Publications
Excellent organizational, interpersonal, verbal, and written communication skills
Ability to work effectively as part of an integrated project team, while also taking ownership of assigned tasks to successfully achieve explicit delivery dates and milestones
Ability to perform comfortably in a fast-paced, deadline-oriented work environment
Ability to successfully execute many complex tasks simultaneously
Candidates that do not meet the required qualifications will not be considered.
Preferred Qualifications
Relevant security certifications such as CISSP, SSCP, CAP, or CISA
Formal education or professional experience in information assurance, information security management, or security operations