Information Security Assessor
Company: MAXIMUS
Location: Salem
Posted on: March 20, 2023
Job Description:
JOB DESCRIPTION SUMMARY
We are seeking Information Security
Assessors to join our team supporting an Internal Revenue Service
(IRS) client. The team will ensure protection of Federal Tax
Information with IRS trade partners while ensuring compliance with
NIST 800-53 controls framework.
Location of work is remote. Position
will require travel to other government agency sites for
information security control assessments. Periodic travel to the
IRS facility in Washington DC for meetings may also be
required.
*Positions are contingent on contract award.
- Interview key stakeholders (developers, ISSOs, business POCs,
etc.) to determine security controls implementation.
- Execute the security control assessment plan by following provided
assessment procedures, collecting and analyzing evidence, and
documenting steps taken and findings.
- Update System Security Plan with actual control implementation
determined during assessment.
- Develop Security Assessment Reports for management staff
providing residual risk statement, impact, and suggested corrective
actions.
- Use NIST SP 800-53, "Security and Privacy Controls for
Information Systems and Organizations", to assess information
security controls for compliance
- Perform risk analyses, which also include risk
assessment.
Project Minimum Qualifications:
- Bachelor's Degree from an accredited college or university
required. Information Technology curriculum preferred. An
additional four (4) years of related experience may substitute for
degree.
- At least five (5) years of information security experience or
relevant education
- At least active Security+ certification or one of the preferred
certifications listed below.
- Experience in the following guidelines: National Institute of
Standards & Technology (NIST) Special Publication (SP) 53 / 53A -
Recommended Security Controls for Moderate Risk Federal Information
Systems and/or Federal Information Processing Standards (FIPS) 199
& 200 and/or NIST 800-30 and Center for Internet Security (CIS)
Benchmarks and/or NIST SP 800-37: Risk Management Framework (RMF)
for Information Systems and Organizations; NIST-137: Information
Security Continuous Monitoring (ISCM) for Federal Information
Systems and Organizations and/or OMB Circular A-130.
- Experience in assessing, identifying, and addressing technical
computer security risk and conducting computer security
reviews
- Possess strong attention to detail, and verbal and written
communication skills
- Knowledge of vulnerability scanning and remediation
- Knowledge of Plan of Action and Milestones (POA&M)
management
- Knowledge of Certification and Accreditation (C&A) /
Security Assessment and Authorization (SA&A)
- Knowledge of FedRAMP Information Security control
requirements
- Experience in virtual operating systems such as VMWare and
Hyper V, workstation operating systems such as Windows and
Linux-based, and cloud computing technologies
- Experience in telecommunications and networking devices, such
as firewalls, routers, switches, virtual private networks (VPN),
wireless, voice over Internet protocol (VoIP), and SAN.
- Experience in encryption methodology including, but not limited
to Virtual Private Network, Transport Layer Security and Secure
Sockets Layer.
- Preferred qualifications and experience include: experience
with IRS projects; Knowledge of IRS 1075, and/or Treasury Directive
Policy 85-01; CISA, CISM, CISSP, CEH, Cloud+ and/or CIPT
certifications
Additional Requirements as per Contract:
- Candidates must meet requirements to obtain and maintain an IRS
Minimum Background Investigation (MBI) clearance (active IRS
Moderate Risk MBI clearance is a plus)
- Candidates must be a US Citizen or a Legal Permanent Resident
(Green Card status) for 3 years, and be Federal Tax compliant
JOB SUMMARY
ESSENTIAL DUTIES AND RESPONSIBILITIES:
- Perform complex risk analyses and risk assessment.
- Establish and satisfy Information Assurance (IA) and security
requirements based upon the analysis of user, policy, regulatory,
and resource demands.
- Support customers in the development and implementation of
doctrine and policies.
- Advise information system owners on client/project security
policies and requirements for systems.
- Keep abreast of emerging security technologies and make
appropriate recommendations regarding the enhancement of the
security posture of systems and their implementation.
MINIMUM REQUIREMENTS:
- Bachelor's Degree.
- 5-7 years of related experience required.
- Computer Professional Job Profile
MAXIMUS INTRODUCTION
Since 1975, Maximus has operated under its founding mission of Helping
Government Serve the People, enabling citizens around the globe to
successfully engage with their governments at all levels and across
a variety of health and human services programs. Maximus delivers
innovative business process management and technology solutions
that contribute to improved outcomes for citizens and higher levels
of productivity, accuracy, accountability and efficiency of
government-sponsored programs. With more than 30,000 employees
worldwide, Maximus is a proud partner to government agencies in the
United States, Australia, Canada, Saudi Arabia, Singapore and the
United Kingdom. For more information, visit
https://www.maximus.com.
EEO STATEMENT
Active military
service members, their spouses, and veteran candidates often embody
the core competencies Maximus deems essential, and bring a
resiliency and dependability that greatly enhances our workforce.
We recognize your unique skills and experiences, and want to
provide you with a career path that allows you to continue making a
difference for our country. We're proud of our connections to
organizations dedicated to serving veterans and their families. If
you are transitioning from military to civilian life, have prior
service, are a retired veteran or a member of the National Guard or
Reserves, or a spouse of an active military service member, we have
challenging and rewarding career opportunities available for you. A
committed and diverse workforce is our most important resource.
Maximus is an Affirmative Action/Equal Opportunity Employer.
Maximus provides equal employment opportunities to all qualified
applicants without regard to race, color, religion, sex, sexual
orientation, gender identity, national origin, protected veteran
status or disabled status.
PAY TRANSPARENCY
Maximus compensation is
based on various factors including but not limited to a candidate's
education, training, experience, expected quality and quantity of
work, required travel (if any), external market and internal value
analysis including seniority and merit systems, as well as internal
pay alignment. Annual salary is just one component of Maximus's
total compensation package. Other rewards may include short- and
long-term incentives as well as program-specific awards.
Additionally, Maximus provides a variety of benefits to employees,
including health insurance coverage, life and disability insurance,
a retirement savings plan, paid holidays and paid time off.
Compensation shall be commensurate with job duties and relevant
work experience. An applicant's salary history will not be used in
determining compensation.
Keywords: MAXIMUS, Salem, Information Security Assessor, Other, Salem, Oregon