Description
Overview

RTI International is one of the world's leading research institutes, dedicated to improving the human condition by turning knowledge into practice. Our staff of more than 5,000 provides research and technical services to governments and businesses in more than 75 countries in the areas of health and pharmaceuticals, education and training, surveys and statistics, advanced technology, international development, economic and social policy, energy and the environment, and laboratory testing and chemical analysis.

The Technology Practice Area within RTI's Social, Statistical, and Environmental Sciences (SSES) unit is seeking a Research Information Security Compliance Specialist. The candidate, under limited supervision, will be responsible for supporting the IT Security and Compliance Program and will write, edit, and consult on IT security and documentation for multiple projects under the direction of a Project Director, task leader, or manager. They will be expected to document security control implementations, maintain a variety of security documents, and monitor the effectiveness of the overall security program. They will also perform risk assessments, gap analyses, and overall security controls guidance for security standards including National Institute of Standards and Technology (NIST 800-53) and other security frameworks. They will also perform Plan of Action and Milestones (POAM) activities to track remediation efforts, complete security risk tracking and reporting, and respond to findings. This position can be based at our headquarters in RTP, North Carolina or work remotely.

Responsibilities

Lead and assist project teams with ensuring compliance of computer systems with RTI, Federal, and other relevant security standards.
Serve as RTI's Information System Security Officer (ISSO) for assigned projects.
Serve as Security Compliance subject matter expert and provide guidance to project stakeholders.
Manage information for security assessments leading to initial Authority to Operate (ATO) for systems and maintenance of ATOs while following FISMA, FIPS, NIST, and client guidelines and requirements.
Write, maintain, and ensure implementation of security documentation, including System Security Plans (SSPs), Privacy Impact Assessments (PIAs), Contingency Plans, Incident Response Plans, and other documents.
Direct and review vulnerability scans on systems to manage project actions, track remediation efforts, and report to the client through the use of POAMs.
Contribute to System Development Life Cycle (SDLC) documents based on Federal guidelines.
Support internal and external security audits.
Manage controlled project documentation in document repositories.
Develop improvements to existing security procedures and provide communication and awareness to project teams and clients.
Support system implementation processes by reviewing designs and changes for security implications.
Work across business units and be proficient in managing multiple workstreams at the same time. The number of projects worked on simultaneously may average 5 or more, with varying levels of effort.
Review and respond to client security inquiries for projects, which may include Common Vulnerabilities and Exposures (CVEs), Known Exploited Vulnerabilities (KEVs), or Indicators of Compromise (IOCs).
Write sections related to security and systems in Requests for Information (RFIs) and Requests for Proposal (RFPs).
Contribute to published articles in technology journals and present on IT security topics at technical conferences.

Qualifications

Minimum of a bachelor's degree in information security, Computer Science, or any other related discipline and 8 years of related experience in information technology and/or cybersecurity, or an equivalent combination of education and experience. This includes a master's degree and 6 years of experience or a PhD and 2 years of experience.
Must have one or more security certifications earned (or in progress). Desirable certifications include CISM, CISA, CISSP, CRISC, CDPSE, CISSO, GCIA, GCIH, and CEH.
Knowledge of and experience with writing, editing, and consulting on IT security and documentation.
Knowledge of and experience with current software and cybersecurity technologies: security software, hardware, and database management systems.
Experience with federal information security requirements and frameworks (NIST, FISMA, FIPS).
Knowledge of applicable federal privacy laws and regulations.
Strong technical writing skills.
Ability to travel as required.
Ability to work on multiple projects at the same time is critical.
Ability to obtain proper security clearances as required by project contracts.
Applicants must be legally authorized to work in the United States and should not require now, or in the future, sponsorship for employment visa status.

#LI-KV1

EEO & Pay Equity Statements

For San Francisco, CA USA Job Postings Only: Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. RTI accepts applications to our job openings from candidates with criminal histories or conviction records in accordance with all applicable laws, including the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.

The anticipated pay range for this role is listed below. Our pay ranges represent national averages and may vary by location, as a geographic differential may be applied to some locations within the United States. RTI considers multiple factors when making an offer, including, for example: established salary range, internal budget, business needs, and the education and years of work experience possessed by the applicant. Further, salary is merely one element of our offer.

At RTI, we demonstrate our commitment to rewarding individual and team achievement through a total rewards package. This package includes (among other things) a competitive base salary, a generous paid time off policy, merit-based annual increases, bonus opportunities, and a robust recognition program. Other benefits include a competitive range of insurance plans (including health, dental, life, and short-term and long-term disability), access to a retirement savings program such as a 401(k) plan, paid parental leave for all parents, financial assistance with adoption expenses or infertility treatments, financial reimbursement for education and developmental opportunities, an employee assistance program, and numerous other offerings to support a healthy work-life balance.

Equal Pay Act Minimum/Range: $127,000 – $157,000