Governance & Audit IA Specialist
Clearance Level: Must be able to attain or maintain a SECRET level clearance
Location: Washington, DC

OVERVIEW
This position is part of a team responsible for creating and maintaining ISD policies and documents that are essential to the overall effectiveness of the Agency working towards enterprise security solutions and implementing them in accordance with well-defined security architecture.

TYPE OF WORK TO BE PERFORMED
Maintain, review and develop ISD policies and procedures utilizing simple and plain language.
Maintain and update ISD policies and procedures to reflect any changes in the US Laws, Executive Branch, DHS and Component internal standard operating procedures.
Review all security control content in accordance with NIST SP 800-53 (latest edition/revision), "Recommended Security Controls for Federal Information Systems and Organizations", DHS 4300A and any other applicable guidance in drafting security policies.
Publish and maintain the current policies and procedure library within the USCIS documentation repository system, and assist the Government POC in the transferring of ISD documentation to the appropriate SharePoint libraries.
Manage the USCIS routing and approval process for documents created and maintained, and coordinate with offices external to ISD, for the purpose of reviewing and updating policies and procedures.
Compare and analyze USCIS policies and procedures to ensure compliance with OMB, Government Accountability Office (GAO), NIST, DHS, National Archives and Records Administration (NARA), and other authoritative guidance sources as established by US law or the Executive Branch.
Within 60 days from the start of the base period, provide a course of action plan to address deficiencies in information security policy and procedure practices. Conduct annual reviews thereafter.
   o Develop policies and procedures as directed by the client in relationship to Information Assurance.
   o Participate annually in the reviewing of the DHS 4300-series and other DHS policies, memorandums, and documentation forwarded to USCIS for component-level review.
   o Assist in the coordination efforts of the Agency's reviews and responses to draft information security policies, procedures, processes, guides and audit documentation.
   o Collect and provide a coordinated response of all reviews prior to submission.
At the direction of the client, participate in working groups such as the DHS Information Security Working Group, IA Policy Working Group, DHS Cybersecurity Working Group, DHS Security Policy Working Groups and others as directed. Provide meeting minutes for each attended working group, per meeting.
Assist with writing, editing and publishing IT system security and privacy planning policy, procedures, and technical system documentation as requested by the Government.
Assist the program manager, acquisition team and technical personnel with the development of documentation to support the acquisition of IT security services and equipment. Specifically support the collection of relevant information, writing, and editing of the necessary acquisition documents for submission to the program manager for review.
Support the creation and technical writing for white papers, position papers, decision memorandums, guides, communications, and PowerPoint presentations to a variety of audiences including stakeholders, management and end users.
Assist the Federal liaison providing support to internal and external agencies/auditors, such as DHS and GAO, and document system security reviews, inspections, audits and other evaluations and control audit requirements (i.e., NIST 800-53-A).
   o Manage ISD inputs and responsibilities associated with the Notice of Findings and Recommendations (NFR) and Mission Action Plan (MAP) activities.
Provide ongoing support to the OIT Audit Liaison in facilitating response to internal and external audits from OIG, GAO, KPMG, OCFO, FISMA, or other requirements, including assisting with development of Mission Action Plans and tracking and reporting progress on security audit-related actions.
Provide support and Audit liaison activities for executive-level responses, briefs, and documents for high priority initiatives, data requests, forms, and queries related to audits and as defined by the Federal Government.

Have and maintain at least one active IA Level II or above certification such as but not limited to Security+, CASP, GSEC, GSLC, CISSP, CEH, CISM, CISA.
Have a minimum of three (3) years of IT Security Audit experience which includes analyzing and documenting vulnerability assessments.
Have experience with leading projects, technical writing, administrative tasks, and conducting briefings with a strong focus on writing IT Security policies and procedures.
Have advanced Microsoft Excel and Access skills to perform extensive data mining, correlation and reporting.