Job Description

• Support security efforts related to data and IT security for a Federal system supported by iTech AG to comply with all applicable Federal Government rules and regulations, and IT security standards (FedRAMP, NIST, FISMA, FISCAM, etc.)
• Monitor adherence to these information security rules, standards and procedures through security governance, risk management and continuous monitoring programs.
• Assess security impacts on system modifications and technological advances.
• Review infrastructure, systems and applications in order to identify potential security weaknesses and vulnerabilities, recommends improvements, develops and implements remediation plans and documents upgrades.
• Manage SDLC security requirements on new or enhanced systems, applications and infrastructure changes with robust security testing to identify and remediate security vulnerabilities and weaknesses.
• Ensure that all information systems are functional and secure in order to protect information and prevent unauthorized access.
• Ensure all SA&A artifacts are complete, updated and reviewed annually. Ensures all monthly reporting is accurate and ensures proper monthly reporting.
• Create and update Security Impact Assessments based on new product and product updates
• Continuously monitor and refine ServiceNow Security Center and provide biweekly updates to Federal customers
• Other duties as assigned

• 4+ years of experience supporting active Federal information security Certification and Accreditation (C&A), Continuous Monitoring, and Risk Management Framework.
• 4+ years of experience with NIST SP 800-37, Rev 1.0, NIST SP 800-53, NIST SP 800-137 and FedRAMP requirements and providing guidance to project teams on those guidelines and regulations.
• 4+ years of experience producing information security documentation such as Systems Security Plans and developing and maintaining documentation outlining system operating environments (overall mission, floor layout, hardware configuration, software, type of information processed, user organizations and security clearances, operating mode, interconnections to other systems/networks of users, their security personnel, and associated responsibilities) for systems which they are responsible.
• Experience developing and revising system-specific security safeguards and local operating procedures that are based on relevant guidelines and regulations.
• Experience developing, supporting and providing security incident reports, equipment/software inventories, operating instructions, technical vulnerability reports, contingency plans and reports.
• Experience briefing technical vulnerabilities, system non-compliance with Information Security policies, and security incidents to project teams.

• Bachelor’s degree in computer science, Management, Information Systems, or related discipline or equivalent combination of education and experience

• Active Certified Information Security Manager (CISM)
• Active Certified Information Systems Security Professional (CISSP)
• Active Certified Information Systems Auditor (CISA)
• Experience utilizing ServiceNow Security Center

• Pursuant to government contracts, US Citizenship is required
• Ability to obtain and maintain a public trust.