Lead cybersecurity efforts for audiology applications by managing the RMF lifecycle and obtaining Authorities to Operate (ATOs). Perform ISSO duties including vulnerability assessments, STIG implementation, and maintaining security artifacts within eMASS.
Overview
Goldbelt Apex, a part of the Healthcare Technology Transformation Group, is a data-focused company dedicated to process and quality in every aspect. As experts in healthcare IT experts, Apex is committed to building systems for healthcare organizations to seamlessly communicate and exchange data across different systems and devices.
Summary:
The DHA Hearing Center of Excellence (HCE) is currently seeking an experienced Information Assurance (IA) Cybersecurity Subject Matter Expert (SME) to support the Department of War (DoW) HCE Enterprise Audiology Programs and Data Solutions branch to assist in leading cyber security efforts for existing and potential future audiology applications and systems in accordance with DoDI 8510.01 Risk Management Framework (RMF), National Institute of Standards and Technology (NIST) Special Publication 800-53 (Revision 5) cyber security compliance requirements outlined within the Defense Health Agency (DHA) RMF. The IA SME will devise solutions that integrate information security requirements to proactively manage information protection throughout an application and our system's lifecycle.
Responsibilities
Essential Job Functions:
- Perform Information System Security Officer (ISSO) duties supporting information assurance, cybersecurity, and the application of the information technology security principles, methods, and security products to protect and maintain the availability, integrity, confidentiality, and accountability of information systems.
- Initiate, obtain, and update the Authority to Operate (ATOs), risk assessments for application/system, complete the continuous monitoring strategy tasks, and annual self-assessments.
- Complete required tasks within Enterprise Mission Assurance Support Service (eMASS) (asset manager, artifacts, control correlation identifiers (CCIs) responses, Plan of Action and Milestone (POA&M) creation, Ports, Protocols, and Service Management (PPSM) and any other RMF activities supporting accreditation).
- Implement DoW Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIG).
- Perform analysis, design, and development of security solutions and plans for system architecture requirements.
- Create and maintain IA and ATO related artifacts and documentation.
- Request Assured Compliance Assessment Solution (ACAS) scans from Data Center Operations (DCOPS) Cyber Security team.
- Respond to DCOPS Cyber Security requests for ACAS credential validation.
- Evaluate and coordinate security program requirements; recommend information assurance/security solutions; and identify, report, and mitigate security violations.
- Conduct vulnerability risk analyses and assessments of applications and peripheral devices during all phases of the system development life cycle.
- Develop and implement information assurance/security standards and procedures in accordance with NIST publications.
- Support the medical devices risk assessment and standardization initiative to ensure the audiology community is utilizing commonly used enterprise-wide components to minimize non-compatibility or incident issues when capturing audiometric testing results.
- Act as a coordinator with costs related to the accreditation including independent audits/Independent Verification and Validation (IV&V).
- Develop all systems documentation including Privacy Threshold Analysis (PTA)/Privacy Impact Assessment (PIA), Federal Information Processing Standards (FIPS) 199, Standard Operational Procedures, Business Impact Assessment, and all supporting documents and artifacts.
Qualifications
Necessary Skills and Knowledge:
- Proficient in the application and functionality of the eMASS system.
- Experience in conducting manual and technical techniques for mitigation of vulnerabilities or requirements.
- Experience in implementing DISA STIGs, including the ability to find the guidance and tools available for the security measures to be taken for a particular system, application, or environment after assessing standards for implementation and compliance.
- Prior experience in completing the RMF ATO process (created artifacts, examined CCIs, and compose POA&M records).
- Strong written and oral communication skills.
- Work independently in a remote environment.
Minimum Qualifications:
- Must possess 5-7 years’ experience with implementation of the DoW RMF lifecycle.
- Bachelor’s degree in cyber security management and computer science.
- Certifications: Security+
Preferred Qualification:
- Certified Information Systems Security Professional (CISSP)
- Master’s degree in a related field
- Secret Security Clearance
Pay and Benefits
The salary range for this position is $90,000.00 to $110,000.00 annually.
At Goldbelt, we value and reward our team's dedication and hard work. We provide a competitive base salary commensurate with your qualifications and experience. As an employee, you'll enjoy a comprehensive benefits package, including medical, dental, and vision insurance, a 401(k) plan with company matching, tax-deferred savings options, supplementary benefits, paid time off, and professional development opportunities.