Information Assurance Specialist

Information Assurance Specialist - (Suitland, Maryland).

BizFirst is assisting our client with recruiting an Information Assurance Specialist - Hybrid (Suitland, Maryland). This position will provide accreditation and authorization support and guidance for a government client. The selected candidate will join a collaborative team environment, provide technical analysis, auditing, and guidance to support accreditation deliverables, and communicate system environment status clearly to staff at all levels.

Our client is a workforce solutions firm that supports government agencies and commercial organizations with recruiting, staff augmentation, subcontracting, and proposal-related support. The firm works across IT, intelligence, healthcare, construction, and related sectors, with a focus on connecting organizations with qualified professionals who can support mission and project needs.

As an Information Assurance Specialist, you'll support accreditation and authorization efforts by auditing security procedures, reviewing system compliance, monitoring RMF-related controls, and helping maintain the documentation and evidence needed to support an Authority to Operate (ATO). This role is well suited for someone who understands how security policy, technical controls, system documentation, and compliance reporting fit together in a government environment.

·         Work with system owners and system administrators to audit standard operating procedures, checklists, and policies.

·         Review and analyze audit logs to ensure compliance with Security Technical Implementation Guides (STIGs) and Information Assurance Vulnerability Alerts (IAVAs) in support of achieving and maintaining authorization to operate.

·         Review and audit system configuration management, including system documentation, user manuals, and database versions.

·         Define, review, and audit policies to help ensure system access, user accounts, and other security controls are properly managed.

·         Support the maintenance of existing Authority to Operate (ATO), physical security controls, and required protection of sensitive or classified information.

·         Ensure RMF compliance with SOPs, media sanitation procedures, contingency planning, incident response, and insider threat policies and protocols.

·         Audit and manage all outstanding open compliance items through completion and/or risk acceptance.

·         Review and ensure compliance with information security boundaries through interconnection security agreements and service level agreements.

·         Understand and monitor agreements with FedRAMP cloud and services providers and associated controls.

·         U.S. Citizen.

·         Active Top Secret (TS) clearance with SCI eligibility.

·         College degree or higher in Information Technology, Cybersecurity, or a related field.

·         Minimum of 3+ years' relevant experience in information assurance, cybersecurity, RMF, accreditation and authorization, or system security compliance.

·         Experience with system hardening and patching.

·         Experience managing system configurations.

·         Experience working with the NIST Risk Management Framework (RMF).

·         Ability to understand, interpret, and implement NIST policy.

·         Experience with ACAS, eMASS, and CMRS is desirable.

·         Excellent interpersonal communication skills.

·         Ability to work independently in an autonomous environment.

·         Security+, CASP+, CISSP, or comparable certification required.

·         U.S. Citizen; active Top Secret (TS) clearance with SCI eligibility.

·         Monday to Friday

·         Onsite and then Hybrid: Onsite at Suitland, Maryland about 3 months to start. Then afterward, hybrid 2-3 days on site a week