You will own the creation and maintenance of system security plans (SSPs) for new and existing applications.
Responsibilities
Create system security plans (SSPs) for new applications aligned with the Secure Application Development Life Cycle (SADLC) and Michigan Security Accreditation Process (MiSAP).
Maintain SSPs for existing applications requiring authority to operate (ATO) and those undergoing hardware or software enhancements.
Monitor plans of action and milestones (POA&Ms) and corrective action plans (CAPs) in collaboration with the Enterprise Information Management office.
Validate SSPs to ensure all NIST control requirements are met.
Author recommendations to improve security posture based on findings in accordance with SOM PSP and NIST controls.
Required Skills
1 year of experience analyzing and applying information security principles and practices.
1 year of experience reviewing IT systems and applications.
Basic knowledge of networking components and various operating systems.
1 year of experience analyzing NIST Special Publications 800-37 Revision 1, 800-53 Revision 3, 4, or 5, and 800-53A Revision 1.
Ability to obtain Security+ certification within 6 weeks of starting.
Strong written and verbal communication skills to explain technical matters to non-technical audiences.
Ability to collaborate on multiple projects and adjust to shifting priorities.
Preferred Skills
2 years of experience with security frameworks such as ISO, COBIT, or HIPAA/HITECH.
CISSP, CISA, or PMP certification.
Experience working with software vendors to implement security controls.