RMF Cybersecurity Analyst (15.43)

OCT Consulting is a business management and technology consulting firm that supports Federal Government clients. We provide consulting services in the areas of Strategy, Process Improvement, Change Management, Program and Project Management, Acquisition/Procurement, and Information Technology. OCT currently has an opening for an RMF Cybersecurity Analyst to work with a federal client. The analyst will support the Information Systems Security Officer / Systems Security and Privacy Officer (ISSO/SSPO) in executing Risk Management Framework (RMF) compliance, Security Assessment and Authorization (SA&A) activities, and information security governance across a complex federal health statistics environment. This position is contingent upon contract award. Day-to-day responsibilities Assist the ISSO/SSPO in interfacing with federal staff, contractors, and business partners to execute information security aspects of the agency's CIPSEA obligations, IT modernization, and cloud migration efforts. Support Security Assessment and Authorization (SA&A) activities including agency-hosted, contractor-hosted, cloud-hosted, and FedRAMP SA&A; assist with interpretation of regulations and policy guidance. Develop, track, and update Plans of Action and Milestones (POA&Ms) for identified vulnerabilities and risks; report remediation status monthly. Prepare and maintain System Security Plans (SSPs) in accordance with NIST SP 800-18 and NIST SP 800-53. Conduct and document Risk Assessment Reports (RARs) consistent with NIST SP 800-30 and applicable agency policies. Support FISMA reporting to the Department of Homeland Security and OMB; prepare gap reports of agency practices against evolving federal, HHS, and agency requirements. Assist with Privacy Threshold Analyses (PTAs) and Privacy Impact Assessments (PIAs) in accordance with HHS policy and OMB M-03-22. Prepare weekly project management/status reports and monthly RMF status reports for the COR and Program POC. Develop and maintain reusable templates, standard operating procedures (SOPs), and process documentation (e.g., SSP templates, risk assessment templates, process flow diagrams). Coordinate with agency Security, Business, and Technical Stewards; provide stakeholder advisory support and training as required. Support EPLC security reviews, IT acquisition security reviews, and security governance coordination activities. Assist in applying CIPSEA oversight in coordination with the agency Confidentiality Officer. Maintain compliance with all agency security training requirements including annual Security Awareness Training (SAT) and role-based training (RBT). Qualifications Must be a U.S. Citizen. Minimum of 3–5 years of experience in federal information security, RMF implementation, or cybersecurity compliance. Demonstrated experience with NIST SP 800-37, 800-30, 800-53/53A, 800-60, and FIPS 199/200. Experience supporting FISMA compliance and reporting activities for a federal civilian agency. Experience developing, reviewing, and maintaining SA&A documentation artifacts (SSPs, RARs, POA&Ms, Contingency Plans). Proficiency with Governance, Risk, and Compliance (GRC) platforms such as Archer or comparable tools. Strong technical writing skills sufficient to independently produce clear, accurate, and professionally formatted security and compliance documentation. Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field (or equivalent work experience). Ability to obtain a Public Trust (Moderate Risk – Level 5 or higher) background investigation; an HSPD-12/PIV card will be required for facility and network access. Work will be performed primarily at the agency facility in Hyattsville, MD, with authorized telework on a situational basis. Must be able to commute to the Hyattsville, MD location. Preferred Qualifications Certified Information Systems Security Professional (CISSP), Certified Authorization Professional (CAP), Certified Information Security Manager (CISM), or equivalent certification. Experience supporting HHS or other Federal civilian agency environments. Experience with CIPSEA, Privacy Act compliance, and handling of sensitive health statistics data. Familiarity with FedRAMP authorization activities and cloud migration security governance. Experience with continuous monitoring programs and vulnerability remediation in federal environments. OCT offers competitive compensation packages and a full suite of benefits which includes: Medical, Dental, and Vision insurance Retirement savings 401K plan provided by an industry leading provider with 3% employer contributions of the employee's gross salary Paid Time Off and Standard Government Holidays Life Insurance, Short- and Long-Term disability benefits Training Benefits Salary Range: $90,000 – $110,000 yearly commensurate with experience, education, and qualifications. #J-18808-Ljbffr