CISSP Jobs - Program Manager - Information Security, 13849

at Park Computer Systems Incorporated
Location San Jose, CA
Date Posted June 13, 2019
Category Default
Job Type Contractor

Description

Title: Senior Manager - Information Security
Location: San Jose, CA

Duration: 6 Months - long-term

 

Description:

The Program Manager will be compliance prime for FedRAMP Moderate cloud and will be responsible for project management of the security compliance of the FedRAMP program. The role may expand into other security compliance initiatives (e.g. ISO 27001, C5 and SOC 2). This applicant must reside in the United States with no plans to move abroad.

Provide guidance and support for all assigned Security Authorization activities. Ensure compliant implementation of the FedRAMP Moderate 325 controls by all parties (CSIRT, PSIRT, InfoSec, Operations, Engineering, HR, etc.)

Track and report implementation status of offer while removing impediments, identifying risks, creating mitigation plans, and managing escalations

Present status of offer to Sponsoring Federal Agency, FedRAMP PMO, 3rd Party Assessment Organization (3PAO), Cisco leadership, Steering Committee, etc. per established cadences and by request

Facilitate and verify FedRAMP evidence and artifacts (monthly, quarterly, annually, etc.) per FedRAMP continuous monitoring requirements

Create and track FedRAMP Moderate cloud milestones and activities required to secure and maintain Authorization to Operate (ATO)

Lead FedRAMP pre-audit and post-audit activities including the development of the Security Assessment Plan, review and approval of 3PAO Rules of Engagement, and review, negotiation and acceptance of 3PAO Security Assessment Report

Collaborate with technical writer, ISSO, and control owners to create and maintain the System Security Plan (SSP). Ensure SSP is updated to reflect changes as they arise and that the changes are reviewed and approved before incorporated in the SSP.

Work with the ISSO in developing FedRAMP Moderate POA&M, Compliance POA&M, Significant Change Request, Operational Requirement Requests, and any other documentation required by sponsoring agency or FedRAMP PMO.

Support developers in ensuring IS security requirements for all applications comply with all laws and regulations and are appropriate and sufficient.

Prepare audit defense presentation in response to the 3PAO SAR

 

Required Skills:

BS or MS degree in Computer Science or related fields

5-7 years of related professional services experience within Federal projects

Certifications: Project Management Professional (PMP) desired; Certified Information Systems Security Professional (CISSP) a plus

Deep knowledge of one or more standards (TL 9000, ISO 27001, ISO 27017, ISO 27018, SOC 2, C5, PCI-DSS, HIPAA, HITRUST, FedRAMP, FISMA, JITC, Business Continuity Management)

U.S. Federal Information Assurance (IA), and the Risk Management Framework (RMF) experience preferred

IT Security Engineering Life Cycle and Release Management

Assessment and Authorization (A&A), Certification and Accreditation (C&A), NIST SP 800-53, RMF

Outstanding record of project and program management success, including establishing schedules, tracking progress, mitigating risk, achieving results and use of professional, repeatable methodology

Able to manage multiple concurrent projects and cross-functional team for compliance & audits 

Strong written, verbal communication and presentation skills – no exceptions! Ability to interface with customers including presentations to senior executives

Demonstrated leadership and team development skills

Demonstrated success consulting at the senior management level

Solid time management, planning, and ability to scope prospective engagements, develop proposals and project plans

Reach me at:

Badri

510.353.1700 x 244 (O)

510-369-4205 (Direct)