OBXtek Inc. is an established award-winning business providing information technology and professional management services to the federal government. OBXtek is a leader in its field and is committed to identifying, developing, and delivering innovative, mission-focused technical and logistical solutions to over 15 civilian and military partners in the Federal Government.
As a prime contractor for 93% of our current work, we possess a robust corporate infrastructure that provides management oversight and support for all our programs. OBXtek pairs lessons learned across disciplines with industry standard quality practices such as CMMI-Dev Level III, ITIL, 6Sigma, PMI, and ISO to create processes that leverage best practices and result in novel, successful solutions.
OBXtek is staffing for an Information Systems Security Manager (ISSM) for our FMCSA contract. The ISSM functions as an information system security subject matter expert (SME) on FISMA, NIST standards and guidelines, Privacy Act, HIPAA, E-Gov, OMB Circulars A-11 and A-130, and Clinger-Cohen as they apply to data and application security in Federal IT. The ISSM is responsible for Assessment and Authorization (A&A) activities for automated information systems (AIS) and provides A&A support for domestic and overseas-deployed systems. The ISSM is the primary cybersecurity technical advisor to the Authorizing Official (AO).
Duties for the ISSM:
* Responsible for FedRAMP assessments and associated documentation and monitors compliance with cybersecurity policy.
* Tracks and reports status, and brings any obstacles that may impact the completion of the A&A to the attention of the A&A Task Lead and the Program Manager (PM) in a timely manner.
* Ensures that A&A packages are submitted to IA and follows up to ensure IA approval of each phase of the A&A process prior to systems’ Authorized to Operate (ATO) expiration date.
* Reviews and monitors POA&Ms.
The ISSM functions include:
* Oversees Information Systems Security Officers (ISSOs) and the security for # High, # Moderate, and # Low information systems and drives the overall A&A life-cycle process in accordance with the FMCSA System Development Life-Cycle (SDLC).
* Oversees the systems security posture via iPost.
* Analyzes production system configuration change requests (CCR) of existing systems to determine security impact using the Planned Change Comparative Analysis (PCCA) process, and initiates required actions to maintain security posture and authorization status.
* Gathers required information to support system authorization by organizing technical working groups, conducting fact-finding interviews, attending system demos, assessing system security categorization (SCF) levels, establishing the system security control baseline, and acting as a security advisor to the GTM during the security controls implementation.
* Develops and updates security application documentation to include:
  * Security Categorization Form (SCF)
  * E-Authentication Form (eRA)
  * System Security Plan (SSP)
* Supports the A&A team in the development of the following security application documentation:
  * Information System Contingency Plan (ISCP)
  * Privacy Impact Assessment (PIA)
* Provides guidance as it relates to the A&A process using the National Institute of Standards and Technology (NIST) Special Publication (SP) 800 series.
* Assists and advises developers in the design and development of secure systems architecture as well as industry best practices and information systems technologies available to meet AIS security requirements.
Must have an Active Secret Clearance.
15+ years of professional experience
A&A experience including FedRAMP