Today
Public Trust
Mid Level Career (5+ yrs experience)
IT - Security
Washington, DC (On-Site/Office)
Overview:
Planned Systems International (PSI) is an Enterprise IT services company who focuses on designing, building, securing, and operating cutting-edge software solutions that drive mission success and operational excellence for Federal Government organizations. PSI is currently seeking a Senior Information Security Analyst to support the Department of Justice (DOJ), Information Security & Validation Staff (ISVS) in delivering advanced cybersecurity governance, risk management, and compliance (GRC) services for the Judiciary’s COO offices. This position executes and advises on Risk Management Framework (RMF) processes, assesses security controls, and develops documentation to ensure system confidentiality, integrity, and availability. The analyst applies expertise in NIST and Judiciary Information Security Framework (JISF) standards to plan, implement, and monitor security measures across enterprise systems, supporting both ongoing operations and new system authorizations.
Essential Functions and Job Responsibilities:
- Perform advanced RMF activities, including system preparation, security categorization, control selection and tailoring, control implementation, and continuous monitoring.
- Develop, review, and maintain security documentation such as System Security Plans (SSPs), Security Impact Analyses (SIAs), POA&Ms, Risk Mitigation Plans (RMPs), and Incident Response Plans (IRPs).
- Conduct vulnerability assessments, risk analyses, and FedRAMP-related security reviews.
- Provide recommendations for risk mitigation, control enhancements, and compliance process improvements.
- Monitor security controls for effectiveness, evaluate changes to systems and environments, and update authorization packages accordingly.
- Generate recurring reports, including Critical Security Controls Status Reports, Executive Dashboards, and Executive Risk Reports, using GRC tools such as CSAM.
- Collaborate with stakeholders to ensure that common controls, requirements allocation, and business processes are documented and aligned with enterprise policy.
- Support incident response, contingency planning, and tabletop exercises to validate readiness and resiliency.
Minimum Requirements:
- Bachelor's in Cybersecurity, Information Security, Computer Science, IT, or related; advanced degree preferred.
- 5–7 years of directly related information security experience, including RMF and GRC responsibilities.
- One or more of the following certifications preferred: CISSP, CISM, CGRC, Security+, or equivalent DoD 8570/8140 certification.
- Strong knowledge of RMF processes and federal cybersecurity standards, including NIST SP 800-53, SP 800-37, and SP 800-137.
- Proficiency in developing and maintaining standardized security documentation in compliance with GRC frameworks.
- Experience with vulnerability management, risk mitigation, and security reporting.
- Ability to effectively communicate technical security requirements to diverse audiences, including executives and technical teams.
Desired Qualifications:
- Experience with system categorization IAW NIST SP 800-60.
- Experience with implementing continuous monitoring IAW NIST SP 800-137.
- Ability to analyze vulnerability scan results, implement mitigations, and manage POA&M items until resolved.
- Ability to apply and analyze security control assessment results generated from STIGs.
- Experience with the DOJ Cyber Security Assessment and Management Application (CSAM).
Planned Systems International (PSI) is an Enterprise IT services company who focuses on designing, building, securing, and operating cutting-edge software solutions that drive mission success and operational excellence for Federal Government organizations. PSI is currently seeking a Senior Information Security Analyst to support the Department of Justice (DOJ), Information Security & Validation Staff (ISVS) in delivering advanced cybersecurity governance, risk management, and compliance (GRC) services for the Judiciary’s COO offices. This position executes and advises on Risk Management Framework (RMF) processes, assesses security controls, and develops documentation to ensure system confidentiality, integrity, and availability. The analyst applies expertise in NIST and Judiciary Information Security Framework (JISF) standards to plan, implement, and monitor security measures across enterprise systems, supporting both ongoing operations and new system authorizations.
Essential Functions and Job Responsibilities:
- Perform advanced RMF activities, including system preparation, security categorization, control selection and tailoring, control implementation, and continuous monitoring.
- Develop, review, and maintain security documentation such as System Security Plans (SSPs), Security Impact Analyses (SIAs), POA&Ms, Risk Mitigation Plans (RMPs), and Incident Response Plans (IRPs).
- Conduct vulnerability assessments, risk analyses, and FedRAMP-related security reviews.
- Provide recommendations for risk mitigation, control enhancements, and compliance process improvements.
- Monitor security controls for effectiveness, evaluate changes to systems and environments, and update authorization packages accordingly.
- Generate recurring reports, including Critical Security Controls Status Reports, Executive Dashboards, and Executive Risk Reports, using GRC tools such as CSAM.
- Collaborate with stakeholders to ensure that common controls, requirements allocation, and business processes are documented and aligned with enterprise policy.
- Support incident response, contingency planning, and tabletop exercises to validate readiness and resiliency.
Minimum Requirements:
- Bachelor's in Cybersecurity, Information Security, Computer Science, IT, or related; advanced degree preferred.
- 5–7 years of directly related information security experience, including RMF and GRC responsibilities.
- One or more of the following certifications preferred: CISSP, CISM, CGRC, Security+, or equivalent DoD 8570/8140 certification.
- Strong knowledge of RMF processes and federal cybersecurity standards, including NIST SP 800-53, SP 800-37, and SP 800-137.
- Proficiency in developing and maintaining standardized security documentation in compliance with GRC frameworks.
- Experience with vulnerability management, risk mitigation, and security reporting.
- Ability to effectively communicate technical security requirements to diverse audiences, including executives and technical teams.
Desired Qualifications:
- Experience with system categorization IAW NIST SP 800-60.
- Experience with implementing continuous monitoring IAW NIST SP 800-137.
- Ability to analyze vulnerability scan results, implement mitigations, and manage POA&M items until resolved.
- Ability to apply and analyze security control assessment results generated from STIGs.
- Experience with the DOJ Cyber Security Assessment and Management Application (CSAM).
group id: RTL413949
