You will manage system security documentation and ensure compliance with established security frameworks and accreditation processes.
Responsibilities
Create system security plans (SSPs) for new applications following the Secure Application Development Life Cycle (SADLC) and Michigan Security Accreditation Process (MiSAP).
Maintain SSPs for existing applications requiring authority to operate (ATO) or undergoing hardware and software enhancements.
Monitor plans of action and milestones (POA&M) and corrective action plans (CAP) in collaboration with the Enterprise Information Management office.
Validate SSPs to ensure all NIST control requirements are met.
Assist team members and vendors with artifact collection to satisfy assessment requirements.
Required Skills
1 year of experience reviewing IT systems and applications.
1 year of experience analyzing NIST Special Publications 800-37 Revision 1, 800-53 Revision 3, 4, or 5, and 800-53A Revision 1.
1 year of experience applying information security principles and practices.
Knowledge of networking components and various operating systems.
Experience with security frameworks including ISO, NIST, COBIT, and HIPAA/HITECH.
Ability to explain technical matters to non-technical audiences.
Capacity to collaborate on multiple projects and adjust to shifting priorities.
Preferred Skills
CISSP, CISA, PMP, or Security+ certifications.
Experience working with software vendors to implement security controls.