The Information Security and Compliance Office (ISCO) is a part of the Enterprise Information Technology (EIT) Directorate within Leidos Biomed. The ISCO provides IT security auditing, engineering, and incident response support for the Frederick National Laboratory for Cancer Research (FNLCR) and the National Cancer Institute - Frederick. The mission of the Information Systems Program is to develop an enterprise-level, consolidated information technology infrastructure that provides exceptional IT capabilities to the Frederick National Labs for Cancer Research (NCI-Frederick/FNLCR) in support of basic, translational, and clinical cancer and AIDS research. ISCO supports the life cycle of information security for the scientific mission and administrative functions of the NCI-Frederick/FNLCR, to ensure the availability of information systems, protect the integrity of information, and protect the confidentiality of intellectual property and patient data.
This position description does not represent a current opening but may be used to identify candidates with skills and experience for positions within Leidos Biomedical Research that frequently become available. Candidates who express an interest may be considered for future positions at Leidos Biomedical Research.
- Ensuring NCI-Frederick/FNLCR information system and managed services maintains appropriate operational security posture consistent with the FISMA, working in close collaboration with information system owners
- Developing SOPs and ensuring compliance with security policies, standards, and procedures
- Develop system security plans (SSP), Privacy Impact Assessments (PIA) and other required security artifacts to support an authorization to operate (ATO)
- Managing the plan of action and milestones (POA&M) items associated with the systems and managed services to ensure that milestones are met and submitted for validation
- Performing and analyzing vulnerability and compliance scans
- Monitoring operational information systems and environments including baseline validation, and reviewing major changes that affect assigned systems
- Work with various groups to prepare, submit and validate the implementation of change requests
- Work with the various groups to integrate and implement security requirements into the design, development, and configuration of devices and information systems.
- Serving as an advisor on matters involving the security of the system and managed services
To be considered for this position, you must minimally meet the knowledge, skills, and abilities listed below:
- Possession of a Bachelor's degree in biomedical science/math/computer related field from an accredited college or university according to the Council for Higher Education Accreditation (CHEA). Master's degree preferred. (Additional qualifying experience may be substituted for the required education). Foreign degrees must be evaluated for U.S. equivalency.
- In addition to the education requirements, a minimum of six (6) years progressively responsible job related experience. Experience must include functioning as an analyst or equivalent for compliance auditing, information security, information systems, or related.
- Work independently and make decisions regarding complex issues with appropriate consultation of peers, cross-functional teams, and supervisors
- Must be analytical and able to analyze complex information, synthesize disparate data sources, and communicate effectively
- Must be able to develop technical documentation and non-technical presentations; and, express information in a clear, concise, and organized manner, both verbally and in writing
- Must be detail-oriented with the ability to prioritize multiple tasks/projects
- Must be able to obtain and maintain a security clearance
Candidates with these desired skills will be given preferential consideration:
- Familiarity with using NIST RMF and 800-53 controls in a federal environment
- CAP, CISA, or CISSP certification
- Demonstrate working knowledge of networking, storage and virtualization technologies
- Demonstrate working knowledge of hardening guides such as those produced by the Center for Internet Security (CIS) and system/application vendors
- Demonstrate working knowledge of standards and guidelines for Information Security published by the National Institute of Standards and Technology (NIST)
- Working knowledge and expertise required for administering the information security aspects of information systems in compliance with regulations and directives of FISMA, and the Office of Management and Budget (OMB)
- Experience working in a scientific and/or federal environment
- Working knowledge of Windows and Linux systems
- Working knowledge of vulnerability and compliance scanning tools
- Possess related security certification (GIAC, ISC2, CompTIA, ISACA) or obtain within 6 months of hire
Equal Opportunity Employer (EOE) | Minority/Female/Disabled/Veteran (M/F/D/V) | Drug Free Workplace (DFW)