Cloud Security Assessor - Cloud Security Monitoring
Chickasaw Nation Industries

Fort Meade, Maryland

This job has expired.


It's fun to work in a company where people truly BELIEVE in what they're doing!

We're committed to bringing passion and customer focus to the business.

Please note that CNI is closely monitoring Executive Orders and will be following any final decisions or mandates regarding the COVID-19 Vaccination as a federal contract provider.

SUMMARY

Chickasaw Nation Industries has an opportunity for a Cloud Security Assessor to provide support on our IPKEYS Technologies - DISA TASS program, located at Fort Meade, MD. The Cloud Security Assessor - Cloud Security Monitoring will conduct security validations and assessments, in support of the FedRAMP and DoD Provisional Authorization (PA) processes and Cloud Services documentation packages. This position provides advanced technical expertise to senior management, department heads and/or staff. The Senior IT Consultant recommends specific solutions based on specialized capabilities to perform and integrate highly complex services in several operational, functional, or organizational areas. This position is located in Fort Meade, MD.

  • Candidates must be certified in one of the areas as directed by DoD 8570: CISM, CISSP, GSLC, CCISO;
  • Additionally possess a DOD Top Secret or Secret Clearance.

ESSENTIAL DUTIES AND RESPONSIBILITIES

Essential duties and responsibilities include the following. Other duties may be assigned.

Responsible for the integration of CNI Core Competencies into daily functions, including: commitment to integrity, knowledge/quality of work, supporting financial goals of the company, initiative/motivation, cooperation/relationships, problem analysis/discretion, accomplishing goals through organization, positive oral/written communication skills, leadership abilities, commitment to Affirmative Action, reliability/dependability, flexibility and ownership/accountability of actions taken.

Conduct Cloud Security Assessments to include: validated cybersecurity controls, certifier's recommendation, and certifier's statement of residual risk, certification assessment briefing slides, and a provisional authorization. If the validation is leading to a Joint Authorization Board (JAB) Provisional Authorization (PA), a one-page executive summary shall also be prepared. Utilizing established process, procedures, templates, and forms:

Attend technical kick-off meetings and review preliminary analysis to understand and document a CSP's readiness posture.

Review and comment on CSO's SSP, SAP, SAR, and POA&M.

Review, understand, and document the operational impact that the security authorization, change, and/or vulnerabilities pose to the CSP.

Review, evaluate, and provide analysis in order to develop the Cloud Security Assessment Package in accordance with (IAW) the established guidelines.

Create a certification recommendation memorandum that details the CSO's compliance with required DoD Cybersecurity controls and technical compliance, and includes any residual risk.

Cloud Continuous Monitoring: Perform DoD and FedRAMP Cloud Authorization on-going support to include continuous monitoring, annual reviews and significant change requests of Cloud Service Providers through reviews, recommendations, written reports, and briefings. This task involves a review and analysis of the following: Deviation Requests (validations or justifications for a finding to be carried), Monthly One Pagers (description of the Cyber status of a CSO for that month), Annual Assessments (AA) (one-third of the assessment of the total CSO's baseline conducted each year), Playbooks (weekly report on the ConMon status process of a particular set of CSOs), Significant Change Requests (SCRs) adding new requirements/capabilities to a CSO's offering, and reviewing of the scan data, POA&Ms, and other changes to evaluate a CSP's ongoing risk posture change. Create monthly one pagers and playbooks.

Ensure the DoD and FedRAMP's monitoring programs provide oversight of the CSP, ensuring a risk-based approach, and provide data for the AO to understand the risk position of the cloud service provider environment.

Provide ongoing assurances (assessments and validations) that security controls are in place that adhere to DoD and FedRAMP requirements, to ensure compliance to maintain validation.

Ensure system risk safeguards and controls are in place to operate effectively, utilizing a proactive system and risk-based approach in monitoring.

Provide a more continuous view of cloud service provider applications and devices, to promote improved decision making based on assessed risks, while maintaining requirement of authorized risk levels.

Accomplish, through CSP architectural reviews, a risk-based situational awareness approach for network visibility to reduce timely mitigation steps.

Ensure the FedRAMP/DoD CSP provides timely incident reporting and escalation, major system changes approval affecting the authorization boundary.

Integrate security and risk management processes that identify actionable items, based on potential risks.

Validate and ensure CSP performs vulnerability scans of required security controls established by/for DoD and FedRAMP.

Recommend and monitor POA&M and monthly submission and review of vulnerability scans, playbooks, change request, deviation reports, and monthly one-pagers established for FedRAMP and DoD.

Conduct annual assessments for FedRAMP/DoD.

Support continuous monitoring and annual reviews of Cloud Services through reviews, recommendations, written reports, and briefings.

Document continuous monitoring standards and frameworks.

Promotes and encourages a culture of compliance with all applicable rules (federal, state, local, Federal Acquisition Regulations, Code of Federal Regulations, Prime Contract requirements, etc.) for themselves and the company as a whole. Fosters an environment in which they will report any violations or reasonably suspected violation of CNI policy, FAR, and/or CFR and are comfortable discussing the myriad compliance, conflict, FAR, CFR, etc. issues that arise during the performance of a government contract.

EDUCATION/EXPERIENCE REQUIRED
10 years' experience with security controls assessment
Bachelor's Degree or above with an emphasis in Information Technology or Cybersecurity.
Experience with a Program in a Federal organization.
A demonstrated proficiency in Microsoft Windows/Office and Microsoft Project.

CERTIFICATES / LICENSES / REGISTRATION
Must possess an 8570 DOD IAM-III level certification which requires one of the following certifications: CISM, CISSP, GSLC, CCISO.
Must possess a DOD Secret or Top Secret Clearance.
May be subject to a background investigation and must be able to meet the requirements to hold a government security clearance.

JOB SPECIFIC KNOWLEDGE / SKILLS / ABILITIES

Expert knowledge of proven business and operations practices and strategies

Proficient understanding of Restful APIs, JSON

Proven ability to facilitate progressive organizational change / development within a growing organization

Excellent organization and time management skills with ability to handle multiple priorities

Exceptional analytical and problem-solving skills with ability to assess business requirements

Exceptional leadership skills with ability to motivate, influence and lead others

High level of proficiency in briefing managers and communicating recommendations regarding status of project operations

Excellent verbal and written communications skills

Superior customer service and relationship management skills

Ability to effectively interact with management and staff at all levels within a multi-level organization

Ability to proactively identify problems and effectively respond

Ability to use discretion concerning highly sensitive and confidential data and information

Proficient understanding of cross-browser compatibility issues and ways to work around them

Experience with configuration management, version control, software packaging and deployment

Ability to perform system analysis, design and development

Ability to work well in a team as well as independently

Excellent oral and written communications skills

LANGUAGE SKILLS

Ability to read, analyze and interpret common scientific and technical journals, financial reports, and legal documents. Ability to respond to common inquiries or complaints from customers, regulatory agencies, or members of the business community. Ability to write speeches and articles for publication that conform to prescribed style and format. Ability to effectively present information to top management, public groups, and/or boards of directors.

MATHEMATICAL SKILLS

Ability to work with mathematical concepts such as probability and statistical inference, and fundamentals of plane and solid geometry and trigonometry. Ability to apply concepts such as fractions, percentages, ratios, and proportions to practical situations.

REASONING ABILITY

Ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.

PHYSICAL DEMANDS:

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this job. Work is primarily performed in an office environment. Regularly required to sit. Regularly required to use hands to finger, handle, or feel, reach with hands and arms to handle objects and operate tools, computer, and/or controls. Required to speak and hear. Occasionally required to stand, walk and stoop, kneel, crouch, or crawl. Must frequently lift and/or move up to 10 pounds and occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision, distance vision, depth perception, and ability to adjust focus. Exposed to general office noise with computers, printers and light traffic.

All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, age, marital status, pregnancy, genetic information, or other legally protected status.


If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!

