The Ambit Group is a Woman-Owned, Service-Disabled Veteran-Owned Business providing management services to the public and private sectors. Our motto is "We get the mission of government done. Smarter. Faster. And cheaper."
We embody the name of the firm in our culture. Our ambit, or sphere of influence, is one in which all members have a voice and all are committed to outcomes. We understand that work, family and community co-exist; when any element is out of balance, all suffer. Our policies are family-centric and provide flexible work schedules, job sharing and cross-training that meet client requirements and support our employees. We focus on more than the task at hand; we focus on the entirety of our ambit. There is no job too large and no task too low - we function as ONE.
We are looking to add an experienced Information System Security Officer (ISSO) (Cybersecurity) to our dedicated team in Silver Spring, MD.
* Prepare the Security Authorization documentation for a Consolidated Cloud Applications system, which may include, but is not limited to, the following component documents: System Security Plans (SSP), Contingency Plans (CPs), Contingency Test Plan Test Results (CTPTR), Business Impact Analysis (BIA), Federal Information Processing Standards (FIPS) 199 and 200, E-Authentication Threshold Analysis, Privacy Impact Assessment (PIA), Privacy Threshold Assessment, and other miscellaneous core documentation
* Review FedRAMP/Cloud ATO packages to ensure completeness, correctness and consistency, with a focus on risks and security controls communicated by the documents and analysis of the security controls assessments and efficacy of the attestations
* Review and track through resolution Plan of Action and Milestones (POAMs)
* Track IT Systems Authority to Operate (ATO), certification dates, and expiration dates to alert management of upcoming compliance reviews, and provide reports monthly or as required
* Brief review findings to ITSO, System Owners and Senior Leadership
* Conduct individual reviews on the FedRAMP/ATO core documents and provide feedback to the submitter, and perform a final review to assure comments have been addressed and incorporated into the final core documents and the Security Authorization Package (SAP) for approval
* Prepare Risk Analysis Reports, scoring the package in a meaningful way to provide Cyber Leadership with an overall Risk Profile Score of the Documents
* 7+ years' experience in the field or related area
* Bachelor's Degree in related field
* Certifications (minimum of one): CISA, CISSP, CRISC; others (CISM, CIA, CPA, CBCP, CIPP/IT) a plus, or ability to complete CISA and CISSP
* Experience in a Government consulting environment
* Familiarity with NIST 800-53 and NIST Risk Management Framework (RMF)
* Able to work on complex cyber security problems/projects; a strategic thinker with a strong technical background who exercises independent judgement within broadly defined policies and practices; demonstrated experience in implementing various information technology solutions and securing complex enterprise environments
* Excellent technical writing capabilities