ECS is seeking a ServiceNow (CAM Module) & RMF SME to work remotely.
- Support the Management of the Agency’s Enterprise Governance, Risk & Compliance (GRC) module to ensure accurate operational and ATO status of systems as well as system POCs, and related FISMA inventory attributes per the FISMA Inventory SOP.
- Track and maintain logs for the completion of program related requirements; Develop use cases and test scripts, conduct UAT, and report on findings.
- Review and update existing GRC specific information security policy, standards, and procedures based on federal and departmental regulations.
- Support the development of monthly and weekly status reports summarizing the status of completed, ongoing, upcoming tasks, and work performed.
- Analyze security tool reports and determine residual risk or false positives from technical reports and artifacts before assigning findings.
- Create and maintain task status documentation for various activities, including outlines, plans, process improvement plan, task timelines, risk registers, lessons learned, requirements documents, meeting agendas, meeting minutes, and others.
Salary Range: $110,000 – $135,000
General Description of Benefits
- Experience with Business Analysis Processes including Requirements Management and Documentation; Data Analysis and Management; and Data flow mapping.
- Experience with GRC tools (Required) like Service Now (Preferred)
- Experience supporting security assessments and reviewing related documents.
- Experience performing Certification and Accreditation (C&A) activities, including risk assessments, Security Plans, Security Controls Assessments (SCA), Certification and Accreditation documents.
- Experience with Dashboarding (preferred)
- Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
- Knowledge of policies, procedures, and standards of the Office of Management and Budget (OMB), the National Institute of Standards and Technology (NIST), and the OCC.