Information Security Risk Specialist, Remote

  • Contract to Hire
  • 100% Remote
  • Target Salary: $60-75K

US Citizenship is required along with the ability to obtain and maintain a Public Trust or Suitability/Fitness determination based on client requirements.

Description

As an Information Security Risk Specialist on our client's team, you'll use your experience to work with a government client to develop documentation packets for VA Area Medical Centers (VAMC) and software systems applying to connect to the Department of Defense Health Agency (DHA) electronic health records network. You will work with a Government Lead to review documents related to the DHA connection requirements. This will include hardware and software reviews, Plans of Action and Milestones (POA&M) reviews, and reviews of NIST SP 800-53 controls, system diagrams and other supporting documents. You will translate your findings into workable actions to be applied by the Area or System. Based on direction and guidance from the Government Lead, you may work with the Area VAMC or system personnel to resolve issues identified during the review. You may be required to support the resolution of any questions or information needs developed by the Approving Authority. You will work with the Government Leads and other clients to develop and review Standard Operating Procedures (SOPs), directives and other guidance supporting the operation of this group.

Requirements

  • Experience with NIST special publications and FIPS
  • Experience with information security and assurance principles, including the NIST Cybersecurity Framework
  • Experience with assisting and leading efforts involving the development and interpretation of SOPs, directives and other guidance documents
  • Experience with assessing NIST security and privacy controls and maintaining Plans of Action and Milestones (POA&Ms)
  • Experience with Governance Risk Compliance (GRC) tools, including eMASS
  • Experience with providing guidance for the NIST security and privacy controls and for providing sufficient documentation and artifacts for each control in the GRC tool
  • Experience in reviewing security requirements, ensuring a proper vulnerability description, mitigation strategy, impact statement, funding, milestones, etc. for deficiencies and working directly with clients to provide solutions and education
  • Experience in performing annual security reviews in accordance with FISMA reporting
  • Bachelor's degree in CS, Engineering, or IT and 5+ years of experience with IT or 13+ years of experience with IT in lieu of a degree

Preferred

  • Experience with Privacy and Security control implementation, testing and assessment, and POA&M management
  • Experience with using data analytical tools
  • Experience with the VA
  • Ability to work flexibly in a very fast-paced environment
  • Possession of excellent customer service and organization skills
  • Possession of excellent verbal and written communication skills
  • Public Trust
  • CAP, CISSP, CISM, PMP, or CCSK Certification

Please Note:

  • Only those individuals selected for an interview will be contacted.
  • No calls, inquiries, or Third-Party Vendors please.
  • We are an equal opportunity employer. We encourage applications from candidates of all backgrounds and experiences. (The ACI Group is unable to sponsor H1B Visas).
  • $1000 Referral Bonus - www.aci.com.

Since 1988, The ACI Group, a Baltimore-based staffing firm, has been committed to hiring the industry's leading professionals, and presenting exciting career opportunities. We have access to varied types of contract, permanent and contract-to-perm positions and offer a choice of employment options including a full benefits package.