ISM Specialist
Arlington, VA

Job Description

Working at ICF

Working at ICF means applying a passion for meaningful work with intellectual rigor to help solve the leading issues of our day. Smart, compassionate, innovative, committed, ICF employees tackle unprecedented challenges to benefit people, businesses, and governments around the globe. We believe in collaboration, mutual respect, open communication, and opportunity for growth. If you're seeking to make a difference in the world, visit www.icf.com/careers to find your next career. ICF-together for tomorrow.

ICF seeks an ISM Specialist to support the Office of the Chief Information Security Officer (OCISO) Information Security Manager (ISM) function within the Governance, Risk and Compliance Office of our federal client. In this role you will utilize your experience as a cyber security professional to provide program and risk management support to our federal client in executing functions and tasks in support of the ISM Program. This position is part of a large, business analysis and management support services contract for a federal civilian agency and is based on our client site in Arlington, VA.

What you'll be doing:

* Develop system security artifacts including but not limited to: Security Profiles, Privacy Impact Assessments, System Security Plans, Risk Assessments, and Waivers.
* Process Security MOA's and ISAs including developing documents, tracking and routing to appropriate POCs for review and signature.
* Review system security artifacts including but not limited to System Security Plans and Security Profiles and provide comments/ recommendations for enhancing the maturity/ completeness of the documented control implementation.
* Monitor and track status of user security training completion.
* Perform quality reviews, including the completion of Quality Review Checklists for Risk Reports developed as a result of Security Control Assessments (SCA).
* Develop and update management level reports and dashboards, including providing status on enterprise- wide Phishing exercises and POA&M Summary Reports to support communications with enterprise leadership and external auditors, including OIG and GAO.
* Monitor system records in OpenFISMA and assist with managing and maintaining complete and accurate information for assigned systems.
* Interface with cyber security and technical subject matter experts to gather information to develop/update organizational policies accordingly.
* Use your experience with the NIST 800 series publications to maintain and update security policies, technical guidance and SOPs.
* Lend cybersecurity and risk management expertise to a diverse set of enterprise programs and initiatives.
* Research, review, monitor, and report on industry best practices, latest cyber security developments and trends, standards, and guidelines, and apply these to the Federal environment.
* Identify and implement process improvement initiatives that contribute to and enhance the efficacy of the client's Information Security Program.

Basic Qualifications:

* Direct experience with FISMA/NIST standards and special publications is required.
* Direct experience with NIST 800-53 rev.4
* Direct experience with NIST 800-37 rev. 2 (RMF)
* Experience working with Federal clients
* Familiarity with and experience assisting Federal agencies implement and align organizational security policies and practices to NIST standards as well as Office of Management and Budget (OMB) and Department of Homeland Security (DHS) policies and directives.
* Strong written and verbal communication skills
* Familiarity with Audits, ATO process, and Vendor Risk Management
* Bachelor's degree with 5+ years' experience in implementing Cybersecurity and risk management best practices in Federal agencies

Preferred Skills/Experience:

* Certifications that are strongly preferred (not required): CISA, CISSP, CISM and/or other security certifications
* Experience developing or analyzing security policy.
* Experience implementing security standards and best practices.
* Hands-on experience using OpenFISMA®.
* Hands-on experience in establishing and maturing an organization's Information Security Program.
* General program/project management experience.

Professional Skills:

* Strong analytical, problem-solving, and decision making capabilities.
* Strong written and verbal communication skills.
* Proven track record of providing high quality professional services to Information Security Managers.
* Demonstrated history of positive customer-oriented interactions.
* Aptitude for working autonomously in a dynamic and fast-paced environment.
* Ability to multi-task and prioritize according to changing circumstances.

ICF is an equal opportunity employer that values diversity at all levels. (EOE - Minorities/Females/ Protected Veterans Status/Disability Status/Sexual Orientation/Gender Identity).

Reasonable Accommodations are available for disabled veterans and applicants with disabilities in all phases of the application and employment process. To request an accommodation please email icfcareercenter@icf.com and we will be happy to assist. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations. Read more about non-discrimination: EEO is the law and Pay Transparency Statement.

Virginia Client Office (VA88)