Job Description:

· FedSME is looking for a candidate to provide Security Assessment Services to NIH.
· Conduct a cybersecurity assessment that will thoroughly review the current state of the entire information technology, infrastructure and security to identify vulnerabilities in its systems, policies, controls and practices; and develop a prioritized road map of activities with a clearly defined set of actions to mitigate and remediate the risks identified.
· Support NIST Risk Management Framework (RMF) based Assessment and Authorization (A&A) activities.
· Monitor and prepare required actions and documents pertaining to the A&A of the system throughout its lifecycle, to include security evaluation findings and residual risks.
· Conduct comprehensive reviews of security authorization documents to ensure the appropriate NIST security guidelines were used during the assessments and the selections of security controls are relevant to the confidentiality, integrity, and availability of the systems.
· Ensure required security authorization activities are completed and the results are documented. Review and process Interconnection Security Agreements (ISAs), Policy Waivers, Approval to Test (Telecommunication), and Interim Approval to Operate (IATO) documents.
· Assist the Government in preparing a written justification, when appropriate, to obtain a written waiver of policy for mandated security features. Provide guidance and support for all assigned Security Authorization activities, and develop SARs.
· Create the CSS Plan, including rules of engagement (ROE) for each major application, information system, or authorization.
· Document the results of the security control assessment, including recommendations for correcting any weaknesses or deficiencies in the controls, analyze findings, and develop risk mitigation techniques to address