About the Mission You Will Join:
The Department of Labor (DOL) has entrusted VMD to support the Office of the Chief Information Officer’s (OCIO’s) Cybersecurity Division to provide enterprise-level cybersecurity services including Information Security Governance and Policy, ISSO and Assessment Services, and Security Operations Center support. The Department of Labor administers and enforces more than 180 federal laws and thousands of federal regulations.
VMD’s mission is to work on high-priority federal cybersecurity initiatives within the Cybersecurity Division, encompassing cybersecurity governance, oversight, and security activities of approximately 27 agencies within DOL and 80+ FISMA reportable system boundaries. VMD facilitates enterprise-level implementation and operations that deal with a wide range of cybersecurity tools and incidents to protect DOL IT assets from adversaries. The entire team consists of 50 cybersecurity professionals and could potentially double within the next year as agency cybersecurity contracts roll up to this enterprise contract.
Your Impact to the Mission:
Do you enjoy playing a vital role in establishing and enforcing security policies to protect an organization’s computer infrastructure, networks, and data? It's serious business to ensure Americans' data is protected. In this Information System Security Officer opportunity, your expertise in FISMA inventory management, POA&M management, and risk management of legacy and cloud computing systems will be vital in protecting about 10 million employers and 125 million workers. You will do this by developing system-level policies, processes, and procedures, including reviewing and updating them.
Experience Needed to Be Successful:
- Strong leadership and analytical skills
- Expert interpersonal and written communication skills
- Developing and maintaining all security documentation for systems under their purview. These documents shall include but are not limited to Privacy Threshold Analysis (PTA), Privacy Impact Assessments (PIA), System of Record Notices (SORNs), System Categorization, System Security Plans (SSP), Business Impact Assessments (BIA), Contingency Plan and Tests (CP and CPT), Security Authorization Briefing, Recommendation, Memo.
- Experience in Security Awareness & IT Role-Based Training Tracking
- Experience providing Audit Support, Security and Privacy-Related Data Call Support
- Experience in System Security Lifecycle Support
- Conducting Security Assessment & Authorization (SAA) System Owner Document Creation and Updates
- Supporting Continuous Monitoring System Owner Document Creation and Updates
- Reviewing Change Requests (CR) to ensure that new systems include the appropriate security requirements at all phases of the SDLC.
- Completing Security Impact Analysis of changes as part of the CR process to ensure that the change will not have a negative impact on the OCIO GSS.
- Ensuring analysis is completed within the timeframes outlined for CRs and Security Impact Analysis
- Assisting system owner and agency security stakeholders in capturing all system weaknesses in POA&Ms.
- Notifying the Enterprise Security Operations Center (ESOC) of actual or suspected computer security incidents, including PH and/or PHI breaches.
- Assisting the ESOC and System Owner on all IT security and privacy incident reporting and subsequent resolution/remediation.
- Education Requirement: Bachelor’s Degree
- Specific Field of Study or Degree (if any): Computer Science, Information Management (IM), Information Technology, Engineering, or equivalent
- Can Additional Years of Experience Substitute for Degree? No
- Work Status Allowable: US Citizen or Permanent Resident
- Minimum Clearance to Start: Public Trust
- SANS, ISC2, EC-Council, ISACA, or other cybersecurity or privacy certification
- Certified Authorization Professional (CAP) certification
The Type of Person That Will Excel:
- You demonstrate personal accountability and integrity in all actions.
- You interact well with people and are a natural team player.
- You consistently meet deadlines and come prepared to offer solutions and contribute in meaningful ways.
Travel and Telecommuting:
- Travel: None
- Telecommute Options: No
VMD provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable Federal, state and local laws. VMD maintains a drug-free workplace.
Why Join VMD Corp?
VMD fosters a culture that is founded on Eight Core Values and we embrace and embody our Core Values. We demonstrate them every day. Proudly. With each other, with our clients, and within our communities. Our Core Values are what make us unique and exceptional.
VMD Employees envision the future. We hold ourselves accountable and hold each other to equally high standards. Our people recognize and reward greatness and are humble in doing so. VMD Employees understand big accomplishments take a team. Our people learn from both our mistakes and successes; we pursue improvement relentlessly, objectively and without bias. We share our thoughts and ideas with purpose and transparency. We commit to the mission, the customer and to each other. We love being nimble and producing results.
Our team is one of the best in the business.