Information Security Risk Specialist, Remote

Information Security Risk Specialist, Remote

• Contract to Hire
• 100% Remote
• Target Salary: $60-75K

US Citizenship is required along with the ability to obtain and maintain a Public Trust or Suitability/Fitness determination based on client requirements.

Description

As an Information Security Risk Specialist on our client's team, you'll use yourexperience to work with a government client to develop documentation packetsfor VA Area Medical Centers (VAMC) and software systems applying to connect tothe Department of Defense Health Agency (DHA) electronic health recordsnetwork. You will work with a Government Lead to review documents related tothe DHA connection requirements. This will include hardware and softwarereviews, Plans of Action and Milestones (POA&M) reviews, and review NISTSP 800-53 controls, system diagrams and other support documents. You willtranslate your findings in workable actions to be applied by the Area orSystem. Based on direction and guidance from the Government Lead, you may workwith the Area VAMC or system personnel to resolve issues identified during thereview. You may be required to support the resolution of any questions orinformation needs developed by the Approving Authority. You will work with theGovernment Leads and other clients to develop and review Standard OperatingProcedures (SOPs) Directives and other guidance supporting the operation ofthis group.

Requirements

• Experience with NIST special publications and FIPS
• Experience with information security and assurance principles, including theNIST Cybersecurity Framework
• Experience with assisting and leading efforts involving the development andinterpretation of SOPs, directives and other guidance documents
• Experience with assessing NIST security and privacy controls and maintainingPlans of Action and Milestones (POA&Ms)
• Experience with Governance Risk Compliance (GRC) tools, including eMASS
• Experience with providing guidance for the NIST security and privacy controlsand for providing sufficient documentation and artifacts for each control inthe GRC tool
• Experience in reviewing security requirements, ensuring a proper vulnerabilitydescription, mitigation strategy, impact statement, funding, milestones, etc.for deficiencies and working directly with clients to provide solutions andeducation
• Experience in performing annual security reviews in accordance with FISMAreporting
• Bachelor's degree in CS, Engineering, or IT and 5+ years of experience with ITor 13+ years of experience with IT in lieu of a degree

Preferred

• Experience with Privacy and Security control implementation, testing andassessment, and POAM management
• Experience with using data analytical tools
• Experience with the VA
• Ability to work flexibly in a very fast-paced environment
• Possession of excellent customer service and organization skills
• Possession of excellent verbal and written communication skills
• Public Trust
• CAP, CISSP, CISM, PMP, or CCSK Certification

Please Note:

• Only those individuals selected for an interview will be contacted.
• No calls, inquiries, or Third-Party Vendors please.
• We are an equal opportunity employer. We encourage applications from candidates of all backgrounds and experiences. (The ACI Group is unable to sponsor H1B Visas).
• $1000 Referral Bonus - www.aci.com.

Since 1988, The ACI Group, a Baltimore-based staffing firm, has been committed to hiring the industry's leading professionals, and presenting exciting career opportunities. We have access to varied types of contract, permanent and contract-to-perm positions and offer a choice of employment options including a full benefits package.