OCT Consulting is a business management and technology consulting firm that supports Federal Government clients. We provide consulting services in the areas of Strategy, Process Improvement, Change Management, Program and Project Management, Acquisition/Procurement, and Information Technology.
OCT currently has an opening for an RMF Cybersecurity Analyst to work with a federal client. The analyst will support the Information Systems Security Officer / Systems Security and Privacy Officer (ISSO/SSPO) in executing Risk Management Framework (RMF) compliance, Security Assessment and Authorization (SA&A) activities, and information security governance across a complex federal health statistics environment.
This position is contingent upon contract award.
Day-to-day responsibilities include:
-
Assist the ISSO/SSPO in interfacing with federal staff, contractors, and business partners to execute information security aspects of the agency's CIPSEA obligations, IT modernization, and cloud migration efforts.
-
Support Security Assessment and Authorization (SA&A) activities including agency-hosted, contractor-hosted, cloud-hosted, and FedRAMP SA&As; assist with interpretation of regulations and policy guidance.
-
Develop, track, and update Plans of Action and Milestones (POA&Ms) for identified vulnerabilities and risks; report remediation status monthly.
-
Prepare and maintain System Security Plans (SSPs) in accordance with NIST SP 800-18 and NIST SP 800-53.
-
Conduct and document Risk Assessment Reports (RARs) consistent with NIST SP 800-30 and applicable agency policies.
-
Support FISMA reporting to the Department of Homeland Security and OMB; prepare gap reports of agency practices against evolving federal, HHS, and agency requirements.
-
Assist with Privacy Threshold Analyses (PTAs) and Privacy Impact Assessments (PIAs) in accordance with HHS policy and OMB M-03-22.
-
Prepare weekly project management/status reports and monthly RMF status reports for the COR and Program POC.
-
Develop and maintain reusable templates, standard operating procedures (SOPs), and process documentation (e.g., SSP templates, risk assessment templates, process flow diagrams).
-
Coordinate with agency Security, Business, and Technical Stewards; provide stakeholder advisory support and training as required.
-
Support EPLC security reviews, IT acquisition security reviews, and security governance coordination activities.
-
Assist in applying CIPSEA oversight in coordination with the agency Confidentiality Officer.
-
Maintain compliance with all agency security training requirements including annual Security Awareness Training (SAT) and role-based training (RBT).
Requirements
-
Must be a U.S. Citizen.
-
Minimum of 3–5 years of experience in federal information security, RMF implementation, or cybersecurity compliance.
-
Demonstrated experience with NIST SP 800-37, 800-30, 800-53/53A, 800-60, and FIPS 199/200.
-
Experience supporting FISMA compliance and reporting activities for a federal civilian agency.
-
Experience developing, reviewing, and maintaining SA&A documentation artifacts (SSPs, RARs, POA&Ms, Contingency Plans).
-
Proficiency with Governance, Risk, and Compliance (GRC) platforms such as Archer or comparable tools.
-
Strong technical writing skills sufficient to independently produce clear, accurate, and professionally formatted security and compliance documentation.
-
Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field (or equivalent work experience).
-
Ability to obtain a Public Trust (Moderate Risk – Level 5 or higher) background investigation; an HSPD-12/PIV card will be required for facility and network access.
-
Work will be performed primarily at the agency facility in Hyattsville, MD, with authorized telework on a situational basis. Must be able to commute to the Hyattsville, MD location.
Preferred Qualifications:
-
Certified Information Systems Security Professional (CISSP), Certified Authorization Professional (CAP), Certified Information Security Manager (CISM), or equivalent certification.
-
Experience supporting HHS or other Federal civilian agency environments.
-
Experience with CIPSEA, Privacy Act compliance, and handling of sensitive health statistics data.
-
Familiarity with FedRAMP authorization activities and cloud migration security governance.
-
Experience with continuous monitoring programs and vulnerability remediation in federal environments.
Benefits
OCT offers competitive compensation packages and a full suite of benefits which includes:
-
Medical, Dental, and Vision insurance
-
Retirement savings 401K plan provided by an industry leading provider with 3% employer contributions of the employee's gross salary
-
Paid Time Off and Standard Government Holidays
-
Life Insurance, Short- and Long-Term disability benefits
-
Training Benefits
Salary Range: $90,000 – $110,000 yearly commensurate with experience, education, and qualifications.
About OCT Consulting
OCT Consulting LLC is a Small Business (SB) providing professional services and information technology solutions to the Federal government and commercial clients. Founded in 2013, we bring the agility of operations and a management team with a track record of leading successful engagements at major Federal government agencies.
At OCT we believe in creating a work environment where employees can thrive based on their abilities, skills, and achievements. We are dedicated to providing career growth and professional development based on individual merit and fostering a workplace where everyone's contributions are valued and recognized.
