General Dynamics Information Technology hiring for Sr. Security Compliance Engineer jobs in Home Office, MD, US
Our team provides program support to DFS OCSE to manage and monitor the development, implementation, operation, maintenance, technical support, and enhancement of the division's systems and services. Federal Parent Locator Service (FPLS) information is, by statute, made available to child support agencies and a limited number of federal and state agencies. These secure systems and services help child support agencies, employers, insurers, and financial institutions exchange information about child support cases; locate parents; establish paternity, custody and visitation; collect support; and identify fraud.
We are seeking a highly skilled and experienced Federal Security Compliance Analyst with exceptional communication skills to join our team. In this role, you will be responsible for ensuring system compliance with federal security standards and regulations and for identifying and mitigating potential risks.
Currently, this role is remote. However, the primary work location for this position is the Department of Health and Human Services Mary Switzer Building, located near Federal Center Southwest in Washington, D.C. While there is no immediate indication of a change in the remote nature of the job, it is important to note that, as per customer direction, there may be instances where we will be required to work from the office.
Responsibilities:
Federal System Compliance:
- Serve as the subject matter expert on federal security compliance regulations, including but not limited to ZTA, Supply Chain, NIST, FedRAMP, FISMA, and OMB guidelines.
- Evaluate security controls implemented by the O&M security team to ensure compliance with federal guidelines and to safeguard sensitive data and systems.
- Provide guidance to the design and development teams to ensure compliance with Federal mandates, OMB and NIST guidelines, Health and Human Services (HHS), Administration for Children and Families (ACF) and Federal Parent Locator Service (FPLS) security requirements.
- Provide guidance to the design and development teams on security issues, and assist as needed in the development of security documentation for Security Authorization.
- Participate in the continuous monitoring of FPLS systems and applications in support of the security authorization process through system development life cycle, risk assessments, vulnerability testing, inventory and configuration audits, technical and physical assessments, and development of security documentation.
- Support the Office of Child Support Enforcement (OCSE) management, the ACF CISO, ACF Cyber Security Office, and HHS Chief Information Security Officer (CISO) to ensure FPLS compliance with ACF and HHS security requirements.
- Assist the FPLS ISSO, FPLS ITSSO and Technical Manager to ensure that FPLS upholds all security requirements to maintain the ACF Authority to Operate.
System Risk Assessment:
- Conduct comprehensive risk assessments of the system portfolio to identify potential vulnerabilities and weaknesses in the organization's security posture.
- Participate in routine and on-demand system and application vulnerability scanning, document findings and recommendations, and present analysis of results to stakeholders.
- Document and track internal POAMs for DFS systems and applications.
- Conduct risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs.
Incident Response & Reporting:
- Monitor the security mailbox for incidents reported involving federal data. Develop reports and notify senior management and other government officials regarding data incidents involving federal data. Monitor and track data incidents through remediation and closure.
- Proactively monitor the security mailbox to identify and address any incidents reported involving federal data promptly. Develop comprehensive reports detailing the nature and impact of each data incident and ensure timely notification to senior management and relevant government officials.
- Monitor and track data incidents from their initial identification through remediation and closure. Collaborate with internal teams and external stakeholders to effectively manage and resolve data incidents, ensuring adherence to established protocols and regulatory requirements.
- Conduct a thorough analysis of data incidents, including root cause identification and impact assessment. Utilize this analysis to enhance incident response procedures, mitigate risks, and improve overall data security posture.
- Work closely with cross-functional teams to develop and implement appropriate remediation plans for data incidents. Coordinate activities, allocate resources, and ensure timely completion of remediation actions to minimize the risk of recurring incidents.
- Maintain accurate and comprehensive records of all data incidents, including incident details, response actions, and outcomes. Ensure proper documentation of incident resolution, lessons learned, and recommended preventive measures.
Audits & Compliance:
- Plan and execute regular audits to assess compliance with federal security standards and regulatory requirements.
- Support the Security Team in responding to external audits conducted by the HHS Inspector General (IG), Internal Revenue Service (IRS) and other Federal agencies as required.
- Assess security events to determine impact and implement corrective actions. Conduct research pertaining to the latest security vulnerabilities and the latest technological advances in combating unauthorized access to information.
- Support systems security evaluations, audits, and reviews. Develop systems security contingency plans and disaster recovery procedures.
- Participate in conducting security site assessments on data matching partner sites and FPLS contractor sites.
- Security Site Assessments: Actively participate in security site assessments conducted on data-matching partner sites and FPLS contractor sites. This includes planning, reviewing relevant documents, writing comprehensive reports, and reviewing/responding to Plans of Action and Milestones (POAMs).
- POAM Creation and Tracking: Create and maintain a system to track POAMs after each audit, ensuring that all identified security gaps and issues are properly documented and addressed within specified timelines.
- Questionnaire Review: Review questionnaires submitted by our matching partners to assess their adherence to security controls and requirements. Conduct kickoff meetings and virtual audits to validate the implementation of appropriate security measures.
- Security Control Monitoring: Continuously monitor the implementation of security controls by collaborating with stakeholders and conducting regular audits. Identify any deviations or vulnerabilities and recommend corrective actions as needed.
Training and Awareness:
- Develop and deliver training programs to educate employees on federal security compliance requirements and best practices.
- Assist in the development and delivery of Security Awareness Training as required.
- Promote awareness of security issues among management and ensure sound security principles are reflected in the organization's vision and goals.
Stakeholder Communication:
- Communicate effectively with various stakeholders, including senior management, IT teams, legal teams, and external auditors, to convey compliance issues, risks, and remediation plans.
- Support the client in publishing security alerts, advisories, and bulletins.
Industry Knowledge:
- Stay abreast of emerging trends, technologies, and regulatory changes in the federal security compliance landscape and provide recommendations for adapting policies and procedures accordingly.
Documentation:
- Maintain accurate and up-to-date documentation of compliance activities, audit findings, and remediation efforts.
- Proficiency or familiarity with project management tools, particularly Jira, is preferred.
- The ability to effectively utilize Jira for task tracking, issue management, and collaboration is highly desirable.
Required Skills:
- Bachelor's degree in Computer Science, Information Systems, or in a related field.
- Minimum of 5 years of experience working as a Federal Security Compliance Analyst or in a similar role, with a strong emphasis on ZTA, Supply Chain, NIST, FedRAMP, FISMA, and OMB knowledge.
- 5 years of experience handling sensitive data sources and the distribution of data containing personally identifiable information related to a Federal system.
- Ability to obtain a Public Trust.
Desired Skills:
- Relevant certifications (e.g., CISSP, CISM, CRISC) are highly desirable. AWS Certified Security Specialty is a plus.
- Excellent verbal and written communication skills, with the ability to effectively communicate complex security concepts to both technical and non-technical stakeholders.
- Strong analytical and problem-solving skills to identify compliance risks, evaluate controls, and recommend effective solutions.
- Meticulous attention to detail and the ability to maintain accurate and thorough documentation.
- Proven ability to work collaboratively in a team environment and establish positive relationships with cross-functional teams.
- Ability to adapt quickly to changing priorities, regulations, and compliance requirements.
Work Requirements:
- Years of Experience: 5+ years of related experience (may vary based on technical training, certification(s), or degree).
- Certification: Certified Information Systems Security Professional (CISSP) - (ISC)2.
- Travel Required: Less than 10%.
About Our Work:
We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 30,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 30 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.