Lead Analyst - ISSO

Description & Requirements

The Maximus Lead Analyst (ISSO) will work directly with the Maximus ISO Federal Director to identify and manage implementation of security policies, standards, and procedures that support customers with federal requirements to include FISMA, applicable FAR Clauses, Executive Orders, and OMB's specific to systems assigned.

The primary role of the ISSO will be the oversight of implementation of FedRAMP Moderate controls for Maximus FedRAMP systems and the management, and administration of a System Security Plan (SSP) to include all required artifacts needed for ATO continuous monitoring in accordance with agency specific and contractual requirements.

This role will support the primary ISSO for Maximus Cloud.



*Position is contingent upon contract award

*

This is a fully remote role.

Must have the ability to pass a federal background check.

Equipment will be provided but must meet the remote position requirement provided below:
Remote Position Requirements:
- Hardwired internet (ethernet) connection
- Internet download speed of 25mbps and 5mbps (10 preferred) upload or higher required (you can test this by going to www.speedtest.net)
- Private work area and adequate power source

Essential Duties and Responsibilities:

- Responsible for ensuring information security for an assigned area of Business/Project focusing on key areas of risk, as outlined in the Information Security policy, under the direction of the Information Security management team.

- Conduct Information Security risk assessments and compliance evaluations for infrastructure and application assets within required timeframes and to industry standards and regulatory specifications.

- Ensure controls are properly and fully implemented to address identified Information Security risks for assigned area of responsibility.

- Define, create and maintain the documentation for certification and accreditation of each information system in accordance with regulatory requirements.

- Lead and support audits and client reviews of security posture; coordinate the collection, review and submission of Information Security deliverables and track the remediation of audit findings and exceptions.

- Manage expectations with multiple stakeholders on projects and programs in conjunction with the Information Security team.

- Promotion of Information Security awareness through various communication channels within the organization.

- Collaborate with the Information Security team members on process improvements, secure design and recertification of MAXIMUS assets.

- Create and manage System Security Plan and creation and or validation of all associated artifacts required to maintain FedRAMP ATO and NIST 800-53 compliance to include but not limited to a System Level Continuous Monitoring (SLCM) Strategy, HW/SW lists, Information Flow Diagrams, System Categorization Forms, System Topologies, Configuration Management Plan, Configuration Control Board (CCB) Charter, System ...