Compliance (FISMA/FedRAMP) Security Control Assessor

Washington, DC
ClearFocus Technologies, a HUBZone certified company, is located in Leesburg, VA. We specialize in cybersecurity and support multiple government and commercial clients for a variety of missions. We value our clients, integrity and employees and believe a single person can make a difference!

We are committed to attracting and retaining the best and brightest talent who desire to work with industry leading technology to stay on top of their profession. We provide an excellent benefit package which includes medical, dental, vision, paid time off, 401(k), paid professional development reimbursement and more!

The current OIG environment contains approximately 11 FISMA reportable systems. The contractor must:
  • Maintain OIG compliance with FISMA and FedRAMP requirements for low, moderate, and high systems for all current and future OIG systems, including Independent Verification and Validation (IV&V) of Cloud Service Providers (CSPs). Tasks may also include management and compliance support for additional systems/tools/technologies/platforms, which may be at the low, moderate, or high impact level.
  • Perform assessments for systems that have a significant change in implementation or configuration, which will consist of an evaluation of all the controls that are in scope in the then-current NIST SP 800-53 revision.
  • Perform annual assessments according to OIG policy, of all FISMA reportable systems, which will consist of an evaluation of one-third of the controls in the then-current NIST SP 800-53 revision, until such a time as the OIG is certified for ongoing authorization of FISMA reportable systems. 
  • Develop and deliver a security assessment plan, security assessment report, risk exposure table, POA&M report, and other supporting documentation for each assessment performed according to OIG policy. 
  • Review systems for initial and recurring authorization, develop System Assessment Reports, and manage POA&Ms for all findings from annual and system reauthorization assessments in an online dashboard utility.
  • At the request of the COR, provide recommendations for the integration and configuration of cloud services into the existing OIG environment, as well as risk assessments for CSPs proposed for use in the OIG environment. This requirement includes demonstrated familiarity with Zero Trust Architecture, TIC (Einstein), MTIPS, and OMB and DHS CDM requirements.
  • Incorporate CASB tools where appropriate, in support of cloud compliance activities. 
  • Support continuous monitoring of CSP activities, including but not limited to POA&M management and reporting, and provide analysis and recommendations based on monthly continuous monitoring report(s) provided by CSP(s). 
  • Manage continuous monitoring of all OIG systems. 
  • Upon transition to ongoing authorization, the contractor shall support assessment and evaluation of security and privacy controls in the manner prescribed by the then-current departmental and regulatory guidance.
  • Develop and maintain documentation of processes and Standard Operating Procedures for assessments, testing and compliance in an access-controlled portal on the customer's intranet.

COVID-19 Policy: In accordance with Executive Order 14042, all newly hired employees must be able to provide proof of vaccination prior to starting employment or receive approval for a medical or religious exception.