Information Systems Analyst

Overview

• Support the CDC Office of the Director for Information System Security Officer (ISSO) with security steward support services for approximately 30 CDC IT systems.
• Perform security steward activities supporting the CDC OD Information System Security Officer (ISSO), OD Staff, CSPO staff and OD Business Stewards to create SA&A packages and complete all required SA&A, annual assessment, and annual business continuity plan (BCP) documentation based upon FISMA requirements using required SA&A management systems and tools such as RSA Archer, Trusted Agent, SharePoint and Excel;
• Ensure system documentation, analyses, tests, and reviews, including enhanced security control assessments (ESCA), are completed and allow time for system stewards and the OD ISSO to review, edit and sign documents to meet system specific deadlines; all new systems should receive authorization to operate (ATO) within 90 days; existing system deadlines are based upon milestone dates defined in the CSPO Inventory Tool and completed system packages;
• Coordinate and collaborate with the OD and CSPO System SMEs (FTEs) to ensure system documentation is accurate and updated according to policies and procedures;
• Develop and track system Plans of Action and Milestones (POA&M) that document system weaknesses requiring a mitigation plan; POA&Ms should minimally include the system weakness description, corrective action description, estimated cost of mitigation, planned date of mitigation and responsible parties; POA&M reschedule and closure requests should be documented and processed prior to system specific POA&M expiration dates to ensure POA&Ms do not expire prior to rescheduling or closing the POA&M;
• Track SA&A, annual assessment, and annual BCP deliverables using the CSPO Inventory Tool and system repository using tools such as Trusted Agent or RSA Archer;
• Develop and track system change requests and submit system change request forms;
• Ensure the completion of approximately 10 Level III software security evaluations for new software and approximately 10 major software upgrade evaluations per year to include baseline security testing using recommended security baselines such as Security Content Automation Protocol (SCAP) and coordinating Section 508 clearances;
• Assist with security critical partner reviews on OD and CSPO systems in the Enterprise Performance Life Cycle (EPLC);
• Complete third-party website and application (TPWA) site plans and TPWA privacy impact assessments (PIA);
• Conduct encrypted USB drive administrative configuration and password reset support using the on premise DataLocker encrypted drive, management solution.

• Must be a US Citizen and able to obtain an HHS Public Trust
• Bachelor's Degree in related field
• Minimum of 3 years of proven experience in applying National Institute of Science and Technology (NIST) Special Publication 800 series guidance to the security of complex systems, programs and projects
• Must possess an 8570-security certification
• Must possess in depth knowledge of and experience in cybersecurity with a heavy emphasis on FISMA, NIST guidance, implementing the NIST Cybersecurity Framework, advanced data and system analysis technics, project management, and use as well as experience with the added complexities of implementing complex cybersecurity protections and capabilities.
• Proven expertise in support of the Department of Homeland Security (DHS) Continuous Diagnostics and Mitigation Program (CDM) desired