Sr Security Specialist/Audit SME

09 Jun 2024

Vacancy expired!

Capgemini Government Solutions (CGS) LLC is seeking a highly motivated Sr Security Specialist/Audit SME to join our team to support our government client. This position is a multifaceted role that supports our client in Washington D.C. as a technical consultant and subject matter expert (SME) regarding federal information and cybersecurity doctrine, including FISMA and the NIST issuances with a focus on audit support. The successful candidate will have the opportunity to apply and grow their skillsets, work with a motivated and entrepreneurial team, engage with a wide range of stakeholders, and build CGS capabilities. As a Sr Security Specialist/Audit SME you will:

  • Provide expert counsel to the team and to the client about federal doctrine regarding the role and function of the NIST issuances, particularly the NIST RMP (SP 800-39), the RMF (SP 800-37), Risk Assessments (SP 800-30), Security Plans (SP 800-18), and the NIST Framework for Improving Critical Infrastructure Cybersecurity (aka, the Cybersecurity Framework, or CSF).
  • Research and compile evidence in support of our client's information security-related audits. Provide support for third-party audits performed by the OIG (annual FISMA audit, system security audits, per-request security topic audits, etc.), as well as the GAO (annual audit of internal controls, FISCAM audits, etc.).
  • Intake requests, specifically calls for Provided by Client (PBC) items, including requests for artifacts, interviews, tests, and examinations or observations of demonstrations and walkthroughs, etc. Each request must be tracked, reported upon, coordinated with needed stakeholders to obtain the requested materials, and conveyed to the auditors, with meticulous records being kept as to every PBC item, the timing of met and unmet requests, etc.
  • Help develop, track, and implement Corrective Action Plans (CAPs), including those for Plan of Action and Milestone (POA&M) remediation as well as those used to address audit findings.
  • Coordinate with auditing entities to convey finding closure memos and evidence of finding closures, and coordinate with stakeholders as CAPs change over time.
  • Draft audit finding closure memos, responses to auditor reports (including the Annual FISMA audit report), and other audit-related documentation. This is done in coordination with stakeholders regarding the appropriate responses.
  • Prepare, analyze and verify monthly audit status reports.
  • Support System Security planning efforts, including performing updates to system security plans (SSPs), determining the impact of new or updated doctrine upon the SSPs, planning and coordinating responses to these impacts, and ensuring that work is done in agreement with standard templates and guidelines. Support is also required to refine and update these templates and guidelines as changes in doctrine take place (for example, the impending release of NIST SP 800-53 Rev 5).
  • Support the PM by providing information for status reports, status briefings, schedules, project plans, etc., both in written and oral form.
  • Support and coach the more junior team members, perform quality reviews and oversight as needed, and help ensure that the team provides deliverables of impeccable quality.
  • Prepare executive-level presentations and summary reports.
Required Qualifications:
  • High school diploma or equivalent
  • Ability to be favorably adjudicated for access to Sensitive but Unclassified (SBU) / Controlled Unclassified Information (CUI) following background suitability and records check.
  • At least 10 years of federal information security experience. At least three years involving audit support with demonstrated leadership roles.
  • Candidates must hold one or more of the following certifications (or equivalents): Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), and/or CompTIA Security+.
  • Mastery of, and fluency in, the NIST SP 800-3X series and SP 800-18, and a solid understanding of all other NIST FISMA issuances, as well as federal statute, security-relevant OMB circulars and memoranda, federal information processing standards, and other federal security doctrine.
  • Ability to participate as a senior member of a technical team that is performing audit support, and SSP process and artifact design and development. Note that the actual SA&A lifecycle is managed by another group, and is not part of this job. Instead, this is a specialized team with a strong emphasis on technical expertise in just these areas, even if they do contribute to the SA&A lifecycle.
  • Ability to tailor information security processes and tools, based on ever-evolving and changing landscapes, doctrine, and risk scenarios.
  • Proficiency in performing work in a federal agency that has FISMA, OMB Cybersecurity & Privacy, and NIST SP/FIPS compliance requirements.
  • Ability to prepare deliverables with sufficient quality such that very few minor, or no, edits are required to be made prior to conveyance to the client.
  • Quickly review the work products of others, employ your own knowledge of federal security doctrine, and ensure that timely and accurate feedback and recommended edits are delivered to the author(s). All work products should be ready for delivery to the client after only one review has been performed.
  • Fluency in both spoken and written US English, including the ability to work with highly technical and specialized content. Must be able both to prepare and deliver such content, verbally and in writing, and to comprehend such content from others, in both spoken and written form.

Company Overview

A global leader in consulting, technology services and digital transformation, Capgemini is at the forefront of innovation to address the entire breadth of clients' opportunities in the evolving world of cloud and digital platforms. Building on its strong 50-year heritage and deep industry-specific expertise, Capgemini enables organizations to realize their business ambitions through various services from strategy to operations. Capgemini is driven by the conviction that the business value of technology comes from and through people. It is a multicultural company of 200,000 team members in over 40 countries. The Group reported 2020 global revenues of EUR 15.2 billion.

Capgemini Government Solutions, LLC (Capgemini GS) is a subsidiary of Capgemini focused on providing high-quality services to the U.S. Federal Government. Learn more about us at www.capgemini-gs.com.

Capgemini has an entrepreneurial environment that embodies the following values: Honesty, Boldness, Trust, Freedom, Team Spirit, Modesty, and Fun. We offer a competitive benefits package to our employees.

Capgemini is an Equal Opportunity Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race, national origin, gender identity/expression, age, religion, disability, sexual orientation, genetics, veteran status, marital status, or any other characteristic protected by law. https://www.eeoc.gov/sites/default/files/migratedfiles/employers/posterscreenreaderoptimized.pdf

Pay Transparency: https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp%20EnglishformattedESQA508c.pdf

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)

  • ID: #42660819
  • State: Virginia Mclean 22101 Mclean USA
  • City: Mclean
  • Job type: Permanent
  • Showed: 2022-06-09
  • Deadline: 2022-08-07
  • Category: Et cetera