This individual will serve as a liaison to the Regulatory Product Owner. This individual will also be responsible for the following:
- Provide technical writing, governance, and policy development/management required to develop and evaluate Information Assurance Assessment and Authorization (A&A) for servers and systems.
- Write and document high-level policies or strategies for REGSEC; write technical documentation such as user manuals, reports, documentation, presentations, proposals, outlines, and summaries; and provide weekly updates regarding assigned projects and tasks, including percentage of completion and concerns/issues.
- Provide consultation, guidance and portfolio management for systems and software in compliance with federal requirements and policies.
- Review and document control requirements from the National Institute of Standards and Technology (NIST) 800-53 requirements, and applicable federal regulatory documentation including IRS Publication 1075, the Social Security Administration Technical System Security Requirements, the Federal Bureau of Investigation Criminal Justice Information Security Policy, the Office for Child Support Services Security Agreements, and the Centers for Medicare and Medicaid Services Minimum Acceptable Risk Safeguards for Exchanges.
- Provide support for activities including developing and maintaining Plans of Action & Milestones (POA&Ms); tracking status; scheduling reviews; documenting milestones and issues; submitting metrics; and preparing presentations and final deliverable reports, as required.
- Evaluate existing documentation and business activities to assess and document gaps in controls, policies, and procedures, as applied throughout the HHS network and applications.
- Apply general knowledge of privacy and security frameworks and basic technology security concepts to communicate requirements to staff and collaborate with staff on identifying current processes that align with control requirements.
- Write policies and procedures using existing agency templates in a professional manner, which can be understood clearly by staff with varying degrees of business and technical knowledge.
- Ensure the appropriate treatment of risk, compliance, and assurance from internal and external perspectives.
A successful candidate for this role is expected to possess the following skills and experience:
- Solid understanding of privacy and security frameworks including NIST 800-53 Rev 5 controls and basic technology concepts.
- Understanding of the risk management framework, NIST 800-37.
- Experience reading and applying state and federal laws and regulations.
- Solid technical writing skills and ability to write professionally with attention to detail.
- Strong organizational skills with ability to maintain and organize a great deal of information from varying sources.
- Ability to collaborate effectively with a wide range of personalities and work styles.
- Ability to break down complex tasks into actionable work items.
- Ability to work independently and communicate effectively.
- Ability to self-direct with initiative to learn quickly.
- Ability to maintain adherence to deadlines but allow for flexibility as needed.
Skill
- Experience with NIST 800-53. Desired 3 Years
- Experience with interpreting state and federal laws and regulations. Desired 3 Years
- Expert working with IT professionals & business Subject Matter Experts (SME)/experience interpreting current processes & how they relate to requirements. Required 3 Years
- Experience working within a project governance structure (methodology, required templates and reporting). Required 3 Years
- Experience working within state or federal government structure. Desired 3 Years
- Strong process and gap analysis skills. Desired 3 Years
- Excellent task management skills, with the ability to manage multiple tasks at once with changing priorities in a cross-functional environment. Required 3 Years
- Experience with document management software. Desired 3 Years