Information Systems Security Engineer

Job Summary:

We are seeking an experienced Information Systems Security Officer to join our dynamic team. In this role, you will support our client's ISSO and Risk and Compliance teams, participating in activities related to risk management, compliance, and information system security. Your expertise in FedRAMP, RMF, and accreditation assessments will be crucial in ensuring our client's systems adhere to Federal standards.

Job Duties and Responsibilities:

• Support a real-time risk management system that fosters collaboration and enhances security practices within the organization.
• Conduct regular security risk analyses for hospitals and healthcare systems to identify vulnerabilities and mitigate potential threats.
• Stay abreast of Healthcare IT technologies and apply NIST 800 series methodologies to safeguard them effectively.
• Provide technical analysis and support to accreditation assessors and ISSOs.
• Conduct analysis of current environment and provide recommendations to align accreditation processes with NIST and RMF guidance
• Create and maintain information security policies in compliance with NIST and HIPAA regulations.
• Utilize Archer to develop and maintain system accreditation lifecycle workflows and ATO packet management processes.
• Conduct comprehensive security control assessments following NIST, IHS, and CISA guidelines
• Conduct security risk analyses for current and emerging systems
• Conduct comprehensive assessments of security controls for IHS systems and sites, following NIST and CISA guidelines and ensuring adherence to risk management practices.
• Thoroughly review system and site artifacts to verify compliance with NIST RMF requirements and identify potential areas for improvement.
• Utilize network scanning and patching tools to mitigate vulnerabilities and enhance system security.
• Prepare and present Approval to Operate (ATO) or Interim Approval to Test (IATT) documents, ensuring compliance with assessment requirements and CATOs.
• Stay current with relevant NIST publications, NIST, CISA and IHS standards, and other guidelines.
• Contribute to the development of policies, procedures, and methodologies that align with NIST RMF and support the organization's transition to these frameworks.
• Utilize network scanning and patching tools to mitigate vulnerabilities and enhance system security.
• Participate in staff assistance visits and annual FISMA security control assessments for DRSN sites, providing valuable insights and recommendations for improvement.
• Provide expert advice and produce necessary artifacts to ensure ongoing compliance with NIST RMF requirements and maintain a robust security posture.
• Ability to coordinate risk assessment and compliance activities between GRC and ISSO teams
• Expert level knowledge of RMF process, accreditation assessments, and DISA-STIGs for both on premises and cloud environments
• Excellent communication and briefing skills to communicate to client leadership
• Conduct regular security risk analyses for healthcare systems to identify vulnerabilities and mitigate potential threats.
• Ensure compliance with relevant regulations and standards to provide guidance to system owners on the selection and implementation of appropriate security controls.
• Support vulnerability management through regular assessments and compliance reporting.
• Experience with Tenable to request ad-hoc scans, review reports, and provide analysis to stakeholders.
• Provide input to the design and delivery training programs to educate system owners and employees on risk management, compliance, and security best practices to foster and maintain a comprehensive and proactive security culture.

Job Requirements (Education/Skills/Experience):

• Bachelor’s degree required
• CISSP required.
• 3-5 years of relevant experience.
• Strong knowledge and understanding of HIPAA, PII, NIST, FISMA, and FedRAMP.
• Proficiency with Nessus and Archer GRC (2 years desired).
• Knowledge of RMF, NIST, accreditation assessments, and DISA-STIGs.
• Excellent communication and briefing skills for client leadership.

Diné Development Corporation (DDC) is a Navajo Nation owned family of companies that delivers IT, professional, and environmental solutions to advance the missions of federal, state, and tribal government agencies. As thought leaders and innovators, our team of specialists build client-centric solutions that solve critical challenges faced by defense, civilian, and healthcare organizations. Employing a mission-focused approach, we deliver value that not only enhances current operations, but also drives future change. Closely aligned with this approach is our commitment to advancing the Navajo Nation and its People. Through economic development and community empowerment, we elevate the Navajo Nation to provide lasting impact and sustainable growth for future generations. DDC’s ability to unite legacy-inspired technologies, industry best practices, and proven methodologies has contributed to our success for twenty years.

This contractor and subcontractor shall abide by the requirements of 41 CFR 60-1.4(a), 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity, national origin, or for inquiring about, discussing, or disclosing information about compensation, or any other basis prohibited by law. We participate in E-Verify.