Computer Security System Specialist - CDC Job at PINGWIND INC

PINGWIND INC Remote

Description:

PingWind is seeking a Computer Security System Specialist to support the NCCDPHP contract. The Centers for Disease Control and Prevention (CDC) National Center for Chronic Disease Prevention and Health Promotion (NCCDPHP), Office of Informatics and Information Resources Management (OIIRM) provides information technology and informatics portfolio management services for the Center. This involves analysis, design, development, implementation, support, and evaluation of all information systems residing on the NCCDPHP Platform, and under the OCIO consolidated platform allocated to NCCDPHP or other Centers. The applications in this portfolio continuously evolve and are subject to change throughout the period of performance of this contract. OIIRM also provides data management, integration services, and consultation to support NCCDPHP lines of business as well as integration with programmatic functions. OIIRM also provides knowledge management services including information retrieval, information mapping, information sharing, data categorization, infrastructure support, and knowledge capture.

Roles and Responsibilities

The qualified applicant will provide IT Security Risk and Compliance support to various international and domestic CDC information systems and serve as an IT Security consultant and advisor to system stakeholders on matters related to regulatory compliance, security controls, threats and vulnerabilities.

  • Develop and maintain a solid working knowledge of CDC, HHS, and Federal cybersecurity and privacy regulations, policies, laws, and requirements.
  • Work extensively with multiple senior-level stakeholders (system owners, mission leads, IT Governance, and the Information Systems Security Officer (ISSO)) in the conduct of system compliance and protection activities covering both domestic and international projects.
  • Work with mission / technical teams to perform security analysis on in-development technical solutions and provide security compliance and guidance input as required
  • Formally evaluate systems (either in development or in production) for compliance with Federal security requirements and develop corresponding documentation to align with the risk management framework (RMF)
  • Assist system owners with identifying and utilizing relevant enterprise shared services and solutions to enable compliance and security activities
  • Develop Security Assessment & Authorization (SA&A) packages and manage the end-to-end SA&A process for assigned systems including development of NIST-compliant System Security Plans, Rules of Behavior, Continuity of Operations and Disaster Recovery Plans, Risk Assessments, Interconnection Security Agreements, Incident Response Plans, Privacy Impact Assessments, Data Sharing / Use Agreements, etc.
  • Develop and maintain system risk assessments and, as/if needed, remediation and Plan of Actions & Milestones (POA&Ms)
  • Following formal approval, maintain system authorizations through proactive monitoring of system compliance, formal change management, corrective actions, and package updates throughout the system development lifecycle (SDLC)
  • Become a trusted security subject matter expert supporting various mission leaders and activities
  • Perform technical IT system security/vulnerability assessments using provided tools – interpret results and manage remediations as needed
  • Support various other security-related activities including facilitation of change control processes and data call responses; management of encrypted / secure data storage devices; and the evaluation, justification, and management of software and third party website approvals
  • Provide customer coordination and administrative support – e.g. structured communications, build leadership presentations, collect and consolidate weekly team status from multiple security analysts, cross coordinate with other projects and summarize information for customer leadership, etc.
Requirements:
  • Demonstrated experience consulting directly with project teams in the security / security compliance space, within USG federal agency environments
  • NIST RMF / Cybersecurity Maturity Model Certification (CMMC) control compliance required
  • Demonstrated experience providing security support for application systems (not just networking and infrastructure) in both on-prem and cloud environments
  • Demonstrated knowledge of computer operating systems and networks, component architectures, application development, and/or data management processes and technologies – the successful candidate must understand the fundamental technical components, processes, and interactions of enterprise-level information systems in both on-prem and cloud environments
  • Demonstrated knowledge of fundamental information security concepts and processes such as risk assessment and mitigation strategies, security control techniques and technologies, assessment and evaluation methods, and user access control methodologies
  • Excellent analytic skills – the successful candidate must be able to receive information, digest it, and apply standards and requirements to that information in order to produce a clear and effective evaluation / assessment
  • Excellent communication skills - both written and verbal
  • Demonstrated facility with technical documentation
  • Demonstrated problem-solving capability
  • Ability to effectively manage time, and prioritize and execute tasks in a high-pressure environment
  • Must be able to work independently and within deadlines
  • Must be able to pass required Federal background screening / security check including basic and expanded investigations
  • One or more industry certifications including CISSP, CAP, SANS GIAC Certifications, IAT or IAM Level I-III, or NSA’s IAM/IEM
  • Desire and ability to quickly obtain industry certifications if needed

Preferred Qualifications:


Candidates with these desired skills will be given preferential consideration:

  • Security policy development and process implementation experience in CDC / HHS preferred
  • CDC experience

About PingWind

PingWind is focused on delivering outstanding services to the federal government. We have extensive experience in the fields of cyber security, development, IT infrastructure, supply chain management and other professional services such as system design and continuous improvement. PingWind is a VA CVE certified Service-Disabled Veteran-Owned Small Business (SDVOSB) and SBA HUBZone Certified with offices in Washington DC and Northern Virginia. www.PingWind.com

Our benefits include:

  • Paid Federal Holidays
  • Robust Health & Dental Insurance Options
  • 401k with matching
  • Paid vacation and sick leave
  • Continuing education assistance
  • Short Term / Long Term Disability & Life Insurance
  • Employee Assistance Program through Sun Life Financial EAP Guidance Resources

Veterans are encouraged to apply

Please be advised that during the interview, you will be required to keep your camera on, and your interviewer will be taking your picture for identification purposes if an offer letter is extended to you.

PingWind, Inc. does not discriminate in employment opportunities, terms and conditions of employment, or practices on the basis of race, age, gender, religious or political beliefs, national origin or heritage, disability, sexual orientation, or any characteristic protected by law.



