The systems security specialist will research, develop, implement, test and review the government agency’s Financial Management Business Transformation (FMBT) program and specifically the implementation of Momentum as the platform to standardize, integrate and streamline the financial processes for the government customer. The individual will define and document the various security controls that need to be in place to ensure that information is protected and unauthorized access is prevented. The individual will inform stakeholders about security measures, explain potential threats, install software, implement security measures and monitor networks. Qualified individuals will generally be responsible for gathering information necessary to maintain security and establish functional boundaries and separation of roles and responsibilities. He/she will define, create and maintain the documentation for certification and accreditation of each information system in accordance with government requirements. He/she will also assess the impacts of system modifications and technological advances. Additionally, he/she will review systems in order to identify potential security weaknesses, recommend improvements to remediate vulnerabilities, implement changes and document upgrades.
• Define the user roles and specific access controls for the Momentum FMBT platform
• Develop the process by which security organizations will be developed, approved, and implemented.
• Coordinate and execute, as appropriate, all activities necessary to obtain system authorization for all FMBT program systems and applications, in accordance with the NIST RMF.
• Deliver an interim RMF package (SSP, SAR, and POA&M) to the Government assessment team.
• Assess the technical security controls of each system/application in accordance with NIST SP 800-53A, Assessing Security and Privacy Controls in Federal Information Systems and Organizations.
• Develop a Security Assessment Plan (SAP) for each system/application.
• Determine the security controls applicable to each system/application to be developed in support of the FMBT program.
• Document the security controls defined by NIST SP 800-53 Rev. 4, Security and Privacy Controls for Federal Information Systems and Organizations.
• Document common, hybrid, and system-specific security controls for each system/application to be developed in support of the FMBT program
• Perform all activities necessary to determine each system/application’s category in accordance with Federal Information Processing Standard (FIPS) Publication 199, Standards for Security Categorization of Federal Information and Information Systems.
• Implement the methods outlined in NIST Special Publication (SP) 800-60, Guide for Mapping Types of Information and Information Systems to Security Categories, to recommend a category of High, Medium, or Low for both the information type and the information system.
• Evaluate all security controls in NIST Special Publication 800-53 (Rev. 4), Security Controls and Assessment Procedures for Federal Information Systems and Organizations, and isolate those security controls that can be documented for the entire FMBT program.
• Experience with FIPS 199 classification and NIST SP 800-60
• NIST SP 800-53 (Rev. 4) and NIST 800-53A Security Controls
• Ability to document and present materials to government ISSMs and various stakeholders
• Excellent communications, teamwork, leadership and conflict management skills.
• Government Certification and Accreditation (C&A) Process required for General Support Systems (GSS) and Major Applications (MA)
• Experience creating System Security Plans (SSPs), Plan of Action & Milestones (POA&Ms) and Security Assessment Reports (SARs)
• Experience with Cyber Security Assessment and Management (CSAM) platform for C&A preferred
• Experience with Financial Management Systems preferred