Certification and Accreditation (C&A) Specialist
Digicon Corporation, established in 1985, is a full-service Information Technology Integrator and Provider offering Network Engineering and Software Development services to both government and commercial customers. Digicon employs approximately 300 employees throughout the Washington metropolitan area, as well as several other major cities across the nation.
We are currently searching for a Certification and Accreditation (C&A) Specialist to work at our client site in Bethesda, MD. This is a full-time employee position with Digicon Corporation.
This position will work under the direction of the National Human Genome Research Institute (NHGRI) Information Systems Security Officer (ISSO) focusing on the certification and accreditation (C&A) activities. The NHGRI ISSO works in the Information Technology Branch (ITB) under the direction of the NHGRI Chief Information Officer (CIO).
Position Description:
Conduct certification and accreditation (C&A) activities including, but not limited to:
- Work with system/application owners, developers, and other appropriate staff to perform and document data/system/application data categorization using NIST SP 800-60
- Work with system/application owners, developers, and other appropriate staff to conduct and document periodic security assessments using NIST SP 800-53 controls and NIST SP 800-53A methodology
- Work with system/application owners, developers, and other appropriate staff to conduct and document periodic risk assessments
- Work with system/application owners, developers, and other appropriate staff to develop and document security plans
- Work with system/application owners, developers, and other appropriate staff to plan, test, and document security test and evaluations (ST&Es)
- Work with system/application owners, developers, and other appropriate staff to develop contingency/disaster recovery plans and assist in the coordination of the contingency/disaster recovery plan tests
- Work with system/application owners, developers, and other appropriate staff to document Plan of Action and Milestones (POA&M) items and monitor and document POA&M progress
- Advise and work with system/application owners, developers, and other appropriate staff to ensure new and existing systems/applications incorporate the appropriate security controls based on the system/application's impact level as determined by the data categorization
- Track and adhere to deadlines
- Use the NIH Certification and Accreditation Tool (NCAT)
- Develop and maintain all C&A documentation
- Other miscellaneous security-related tasks
Knowledge, Skills, and Abilities Required:
- Ability to communicate clearly and effectively, both orally and in writing, with both technical and non-technical people
- Ability to organize and plan effectively
- Ability to analyze information and determine its applicability to the situation/question
- Ability to complete assignments in a timely fashion
- Experience conducting C&As
  - Data categorization
  - Security assessments
  - System security plans
  - Risk assessments
  - ST&E plan, testing, and report
  - Developing and monitoring POA&Ms
  - Developing and testing contingency plans
- Knowledge of security assessment practices
- Ability to be flexible and adapt to ever-changing requirements
- Understand the NIST requirements for the C&A process and use those requirements in the development of C&As
- Must know IT concepts and be able to understand, interpret, apply, and evaluate/assess the implementation of security policies/regulations/NIST SP and FIPS requirements
- Must be able to secure and maintain a Public Trust background investigation
- Bachelor's degree desirable but not required
- CISSP/CISA/CAP (any or all) certification a plus but not required
This is a full-time employee position offered through Digicon Corporation. All candidates must be authorized to work in the US for any employer and able to pass a background investigation. Qualified candidates are asked to submit a resume with salary requirements to Karen Mirolli at karen.mirolli@digiconasp.com. No relocation assistance is available.