Job Details

CONTRACT2HIRE FedRAMP System Owner/ISSO (VENDOR)

New York, NY, United States
  • Employment Type: Contract To Hire

Our client is seeking a FedRAMP System Owner/ISSO in their New York or Washington, D.C. office on a contract or contract-to-hire basis. The FedRAMP system owner will develop and manage company security documentation, policies and protocols and perform the company’s internal cybersecurity risk assessments and network vulnerability scans. The ISSO will also perform continuous monitoring activities in accordance with the Agency and NIST. This person will also participate in the change management process related to security and compliance protocol and develop remediation plans, executing them when vulnerabilities are found. In addition, the ISSO will review Security Assessment Plans (SAP) and Security Assessment Reports (SAR) and assist internal and external audit teams throughout the assessment and authorization process. Candidates must be organized, personable with strong communication and writing skills. Send resumes to [email protected].

Position Description:

  • Ensures risk analyses are completed to determine cost-effective and essential safeguards 
  • Maintains and updates system security documentation as required in accordance with Agency defined frequencies 
  • Performs Continuous Monitoring activities in accordance with the Agency and NIST Continuous Monitoring requirements; the support includes creation of new documents and update of existing documents per contract requirements
  • Supports continuous monitoring testing and control the Plan of Actions and Milestones (POA&M) 
  • Coordinates with the system owner and project team to establish and document processes for audit log management/review, account management, separation of duties and configuration management and to complete all documents defined in the Documents section below 
  • Collaborates with the system owner, project team and the Agency’s Information Assurance Division to ensure that system security requirements are identified, documented, constructed and validated throughout the project lifecycle, and to coordinate the review of System Security documents by the authorizing official (AO)
  • Ensures security assessments and authorizations (SA&A) of Agency information systems are completed in accordance with the published procedures and providing the appropriate level of support for SA&A activities 
  • Reviews Security Assessment Plans (SAP), Security Assessment Report (SAR) and assist internal and external audit teams throughout the assessment and authorization process
  • Facilitates the authorization or ATO

Interested in this job? Get in touch.

(Accepted file formats are PDF, DOC, DOCX, TXT, RTF and ZIP. File size maximum is 2 MB.)