MANAGEMENT AND OPERATIONS (M&O) ASSESSOR (Remote)

Title: Management and Operations (M&O) Assessor – Junior/Mid Level

Summary: 

Emagine IT has an immediate need for a Management and Operations (M&O) Assessor to join our team in located in Baltimore, MD.

Responsibilities: 

The M&O Assessor is responsible for performing an analysis of the various system artifacts, policies, procedures, and processes to identify deficiencies. Responsibilities include:

•    Review Information System Security related documents to attain an accurate understanding of the system architecture, reviewing core security Assessment system artifacts, such as the System Security Plan (SSP), Information Security Risk Assessment (ISRA), POA&M, and PIA.

•    Identifying deviations from Organization’s Acceptable Risk Standards and best security practices. 

•    Recording findings and consulting with other assessors and the Security Assessment Lead to verify/ corroborate findings; writing findings for the daily briefing;

•    Interviewing system staff, such as the Business Owner (BO), Information System Security Officer (ISSO), and Application Developer Organization (ADO) 

•    Presenting M&O findings during the daily stakeholder briefing.

•    Provide list of artifacts to Security Assessment Lead as requested.

•    Review all findings as they are reported by the other Assessors

•    Record all notes/artifacts requested and upload all notes/artifacts to repository for inclusion in Final Package

Minimum Requirements:

•    Must have at least 1 - 3 years relevant professional experience in the Information Security / Cyber Security field.

•    Must possess current minimum of one (1) of the following certifications Security+ (preferred); CAP; CASP; CISA; and/or CISM

•    Bachelor's degree preferred

•    Must have or be able to obtain Public Trust Security/Suitability Clearance

•    Experience with successfully conducting security tests and assessments under the traditional SCA framework and/or Risk framework at or for a federal agency or organization.

•    Knowledge of and working experience with applicable federal and NIST security standards, policies, procedures, and methodologies. Knowledge of CMS policy and procedures is highly desirable.

•    Have a technical background in a wide array of technologies, network devices, hardware, and software, so that they understand and can discuss Application and Infrastructure vulnerabilities if discovered during a Security Control Assessment.

•    Must have demonstrable ability to communicate complex technical and procedural topics clearly and succinctly in both verbal and written communications, and must be able to ensure that all communications, artifacts, and deliverables they produce meet all CMS requirements for clarity, accuracy, legibility, content, quality, etc.

•    Must be acceptably proficient in various common “soft skills” such as reading, writing, and oral communication in English.

AAP/EEO Statement　

Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.

Emagine IT is an information technology consulting services company that specializes in delivering technology solutions. Our reputation reflects the high quality of the talented Emagine IT team and the consultants working in partnership with our customers. Our mission is to understand and meet the needs of both our customers and consultants by delivering quality, value-added solutions. Our solutions are designed and managed to not only reduce costs, but to improve business processes, accelerate response time, improve services to end users, and give our customers a competitive edge, now and into the future.