Compliance supports overall goals on a continual basis is to assist with ensuring that TSA achieves passing or better compliance ratings by the department by adhering to federal and DHS requirements. The contractor shall provide support services required to execute the day to day FISMA operations, ensuring that all FISMA activities are prioritized correctly, completed on schedule, and are in accordance with DHS and TSA policies. The Contractor shall research major obstacles related to the DHS ever-changing FISMA requirements, which TSA will need to overcome on a weekly, monthly, and yearly basis. These issues consist of, but are not limited to, tracking whether TSA information systems have mitigated their weaknesses on time using the appropriate processes, ATO expirations, tracking completeness of annual requirements such as 800-53As and Contingency Plan Test Results, and validating the quality of TSA system artifacts. FISMA activities are mandated by, and must be executed according to the DHS Information Security Performance Plan for each fiscal year.
The individual shall:
- Assist the Section Chief and the Branch Manager in the day to day execution of the TSA FISMA Compliance program.
- Assist in executing the Department’s annual Information Security Performance Plan.
- Assist with managing the TSA official IT Systems inventory.
- Utilize and manage the department enterprise wide Information Assurance Compliance System (IACS) to assist in executing the department information security performance plan (or most current Compliance tool).
- Provide feedback to management on the functionality of the department enterprise Compliance tools.
- Demonstrate knowledge with vulnerability management (in the form of plans of action and milestones) from creation to closure.
- As requested by client, create briefings and reports pertaining to daily, weekly, monthly, or annual activities within the Compliance branch.
- Research the major obstacles related to DHS ever-changing FISMA requirements.
- Provide feedback on monitoring duties for a workload of approximately 10 systems and assist in maintaining security compliance for 80+ operational TSA IT Systems.
- Assist with conducting two inter-departmental/federal outreach efforts annually to assist other agencies with varying issues regarding their Security Authorization programs.
Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Must be clearable to the Top Secret level.
- Minimum 5 years of security experience
- Demonstrate knowledge of the NIST 800 publications governing the FISMA Act.
- Experience with analyzing output from SCAP compliant and non-compliant tools regarding the following capabilities: hardware asset management, software asset management, configuration management, vulnerability management and endpoint protection.
- Ability to manipulate data in order to conduct sound and accurate analysis regarding output in the capabilities listed above.
- Ability to learn and assist in managing TSA-specific FISMA Compliance dashboards and applications.
- Contractor must be proficient in developing and presenting, both verbally and in writing, highly technical information and presentations to non-technical audiences at all levels of the organization. Audiences for this information include, but are not limited to, senior executives at TSA and other agencies.
- Ability to gain knowledge and proficiency with DHS required tools used by all Components.
- Proficiency in the Microsoft Office Suite of tools to include extreme competency in Excel.
- Certification: Technical security certifications are recommended. Certification and Accreditation Professional (CAP), CISSP, CISM or CISA certification is preferred.