FedRAMP / Cyber Compliance Analyst Job Listing at SAIC in REMOTE WORK, TX (Job ID 2412712-2946)

Description

Description

SAIC is seeking a remote FedRAMP / Cyber Compliance Analyst. This is in support of the Department of Health and Human Services (HHS) cybersecurity mission to ensure HHS can actively protect the vital health information with which it is entrusted, respond to existing and emerging cybersecurity threats, and continue to enhance the program to ensure HHS has the capability and capacity to respond to new and emerging requirements, technologies and threats.

Responsibilities:

•        Manage assigned Cloud Service Providers (CSPs) through the Continuous Monitoring of their Plans of Action and        Milestones (POA&M) and Monthly Continuous Monitoring Reports
•        Prepare for and lead Monthly Continuous Monitoring and SAR Debrief/Annual Assessment Meetings for assigned        CSPs
•        Complete Annual and Triennial Re-authorization Assessments to maintain an Authority to Operate (ATO)
•        Review POA&Ms and ensure CSPs remediate, mitigate and close findings
•        Lead HHS FedRAMP Authorization Process Review Meetings with HHS Operating Divisions, Staffing Division, and/or Cloud Service Providers interested in received an ATO Letter from HHS
•        Guide HHS Operating Divisions, Staffing Divisions, and interested Cloud Service Providers through the HHS                FedRAMP Authorization Process
•        Review ATO package, e.g., System Security Plan (SSP), POA&M, Security Assessment Report (SAR), Information     Security Contingency Plan (ISCP), Disaster Recovery Plan (DRP), Incidence Response Plan (IRP), etc., for new           software/cloud service offerings/legacy systems going through the HHS FedRAMP Authorization Process
•        Identify vulnerabilities and risks to external accreditation boundary diagrams
•        Ensure network boundary components in customer deployments are accurately described and implemented based      on the appropriate FedRAMP security controls 
•        Provide oversight on the initial independent and subsequent annual security audits of the security controls to ensure   compliance with cloud requirements and governance models
•        Leverage internal security operations procedures for efficient operation and protection of cloud applications while          maintaining security integrity
•        Update the status of deliverables in weekly task trackers on an ongoing basis

Qualifications

Required Qualifications:

• Experience and familiarity with cloud data security (FISMA/FedRAMP compliance).
• Bachelors degree and 5+ years of experience or an additional 4 years of experience in lieu of a degree. 
• Direct FedRAMP experience.
• Strong understanding of Cloud computing models, architecture, design, and security evaluation.
• Extensive experience with vulnerability management and Plans of Action and Milestones (POA&Ms), with Privacy Impact Assessments, and security categorizations.
• Writing technical documentation and knowledge of Cloud and Security concepts.
• Technical experience related to FIPS 199, NIST SP 800-37, NIST SP 800-53 REV 4, FISMA/NIST A&A.
• Understanding of the role of Third-party Assessment Organizations (3PAO).
• Experience with and knowledge of: National Institute of Standards and Technology (NIST) standards Strong governance, risk and compliance experience, Cloud Computing Security Requirements Guide (SRG).
• Experience with public cloud solutions (AWS, Google, and Azure).
• Proven ability to work with clients, business partners and suppliers.
• 2+ years direct FedRAMP experience preferred.

 

Education: Bachelor's Degree in a relevant field or 4 years of additional experience in lieu of a degree.

 

Certification: IAT Level I Certification(s) or above desired.

 

Clearance: Must be a U.S. Citizen with the ability to obtain and maintain a Public Trust clearance.

 

Target salary range: $80,001 - $120,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.
SAIC accepts applications on an ongoing basis and there is no deadline.

Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.

 Apply on company website