Datawiz is seeking a Security Project Manager to join the team in Washington, DC (Peace Corps)
b) Independently implement all RMF tasks which are the Primary Responsibility or the Supporting Role assigned to the System Owner, Information Owner or Steward, Mission or Business Owner, or System Security Officer;
c) Perform technical security impact analysis for all changes to the information system;
d) Provide the guidance and oversight necessary to ensure the completeness and accuracy of documentation related to the Primary Responsibility or the Supporting Role assigned to the System Owner, Information Owner or Steward, Mission or Business Owner, or System Security Officer.
The Security PM shall ensure the implementation and maintenance of security controls in accordance with the Security Plan (SP) and Peace Corps policies and procedures.
In addition to the above, the Security PM shall:
a) Ensure the assigned FISMA systems maintain their ATO through independent security assessment and authorization;
b) A Security PM may be assigned to more than one system;
c) Have oversight responsibility to ensure proper access controls have been implemented and managed;
d) Ensure audit logs are reviewed at an agreed upon frequency, where the frequency may increase if warranted by incident or situational awareness. When reviewing logs, some events will require follow-up inquiries to determine if a problem exists, whether corrective action is required, or if there is another explanation.
e) Be responsible for conducting assessments of controls for their system to ensure the controls have been implemented properly and are still effective where the risk posture is documented in a system risk assessment report.
f) Ensure documents provided to auditors are what was requested and approved for release. Documents provided to auditors should be properly labeled so that the auditor is aware if they contain sensitive information. The Security PM shall follow agreed-upon procedures when providing documents.
g) Ensure that new vulnerabilities are evaluated by the respective subject matter expert and corrective action implemented.
h) Follow agreed-upon procedures when providing documentation;
i) Collaborate with the ISSE in conducting security impact assessments on changes to their respective FISMA systems;
j) Collaborate with the Security Operations Center in reviewing vulnerability and compliance scan results at an agreed upon frequency. Any findings in the scan results are to be tracked as a corrective action plan and managed in CSAM as a POAM.
7 years of experience in collecting, analyzing, and reporting to solve technical or management issues. Requires PMP and CISSP for key personnel.