$90K - 120K a year
Conduct security risk analyses, perform accreditation assessments, maintain compliance with NIST and HIPAA, and support accreditation lifecycle workflows.
Bachelor’s degree, CISSP certification, 5-8 years relevant experience, strong knowledge of HIPAA, NIST, FISMA, FedRAMP, proficiency with Nessus and Archer GRC, and excellent communication skills.
Description:
• Support a real-time risk management system that fosters collaboration and enhances security practices within the organization.
• Conduct regular security risk analyses for hospitals and healthcare systems to identify vulnerabilities and mitigate potential threats.
• Stay abreast of Healthcare IT technologies and apply NIST 800 series methodologies to safeguard them effectively.
• Provide technical analysis and support to accreditation assessors and ISSOs.
• Conduct analysis of the current environment and provide recommendations to align accreditation processes with NIST and RMF guidance.
• Create and maintain information security policies in compliance with NIST and HIPAA regulations.
• Utilize Archer to develop and maintain system accreditation lifecycle workflows and ATO packet management processes.
• Conduct comprehensive security control assessments following NIST, IHS, and CISA guidelines.
• Conduct security risk analyses for current and emerging systems.
• Conduct comprehensive assessments of security controls for IHS systems and sites, following NIST and CISA guidelines and ensuring adherence to risk management practices.
• Thoroughly review system and site artifacts to verify compliance with NIST RMF requirements and identify potential areas for improvement.
• Utilize network scanning and patching tools to mitigate vulnerabilities and enhance system security.
• Prepare and present Approval to Operate (ATO) or Interim Approval to Test (IATT) documents, ensuring compliance with assessment requirements and CATOs.
• Stay current with relevant NIST publications, NIST, CISA and IHS standards, and other guidelines.
• Contribute to the development of policies, procedures, and methodologies that align with NIST RMF and support the organization's transition to these frameworks.
• Participate in staff assistance visits and annual FISMA security control assessments for DRSN sites, providing valuable insights and recommendations for improvement.
• Provide expert advice and produce necessary artifacts to ensure ongoing compliance with NIST RMF requirements and maintain a robust security posture.
• Ability to coordinate risk assessment and compliance activities between GRC and ISSO teams.
• Expert-level knowledge of the RMF process, accreditation assessments, and DISA STIGs for both on-premises and cloud environments.
• Excellent communication and briefing skills to communicate with client leadership.
Requirements:
• Bachelor’s degree required.
• CISSP required.
• 5-8 years of relevant experience.
• Strong knowledge and understanding of HIPAA, PII, NIST, FISMA, and FedRAMP.
• Proficiency with Nessus and Archer GRC (2 years desired).
• Knowledge of RMF, NIST, accreditation assessments, and DISA STIGs.
• Excellent communication and briefing skills for client leadership.
Benefits:
• Health insurance
• Flexible work arrangements
• Professional development opportunities
This job posting was last updated on 10/13/2025