Staff Product Manager – Pentest as a Service
HackerOne
Cloud
Senior Information Systems Security Officer
NOVA Corporation
full-time
Posted on:
Location Type: Remote
Location: Remote • 🇺🇸 United States
Visit company websiteJob Level
Senior
Tech Stack
Cloud
About the role
- Support a real-time risk management system that fosters collaboration and enhances security practices within the organization.
- Conduct regular security risk analyses for hospitals and healthcare systems to identify vulnerabilities and mitigate potential threats.
- Stay abreast of Healthcare IT technologies and apply NIST 800 series methodologies to safeguard them effectively.
- Provide technical analysis and support to accreditation assessors and ISSOs.
- Conduct analysis of current environment and provide recommendations to align accreditation processes with NIST and RMF guidance.
- Create and maintain information security policies in compliance with NIST and HIPAA regulations.
- Utilize Archer to develop and maintain system accreditation lifecycle workflows and ATO packet management processes.
- Conduct comprehensive security control assessments following NIST, IHS, and CISA guidelines.
- Conduct security risk analyses for current and emerging systems.
- Conduct comprehensive assessments of security controls for IHS systems and sites, following NIST and CISA guidelines and ensuring adherence to risk management practices.
- Thoroughly review system and site artifacts to verify compliance with NIST RMF requirements and identify potential areas for improvement.
- Utilize network scanning and patching tools to mitigate vulnerabilities and enhance system security.
- Prepare and present Approval to Operate (ATO) or Interim Approval to Test (IATT) documents, ensuring compliance with assessment requirements and CATOs.
- Stay current with relevant NIST publications, NIST, CISA and IHS standards, and other guidelines.
- Contribute to the development of policies, procedures, and methodologies that align with NIST RMF and support the organization's transition to these frameworks.
- Participate in staff assistance visits and annual FISMA security control assessments for DRSN sites, providing valuable insights and recommendations for improvement.
- Provide expert advice and produce necessary artifacts to ensure ongoing compliance with NIST RMF requirements and maintain a robust security posture.
- Ability to coordinate risk assessment and compliance activities between GRC and ISSO teams.
- Expert level knowledge of RMF process, accreditation assessments, and DISA-STIGs for both on premises and cloud environments.
- Excellent communication and briefing skills to communicate to client leadership.
Requirements
- Bachelor’s degree required
- CISSP required.
- 5-8 years of relevant experience.
- Strong knowledge and understanding of HIPAA, PII, NIST, FISMA, and FedRAMP.
- Proficiency with Nessus and Archer GRC (2 years desired).
- Knowledge of RMF, NIST, accreditation assessments, and DISA-STIGs.
- Excellent communication and briefing skills for client leadership.
Benefits
- Health insurance
- Flexible work arrangements
- Professional development opportunities
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
security risk analysisNIST 800 series methodologiessecurity control assessmentsrisk management framework (RMF)vulnerability mitigationcompliance assessmentsystem accreditationnetwork scanningpatching toolssecurity policy development
Soft skills
communication skillsbriefing skillscollaborationanalytical skillsproblem-solvingorganizational skillsexpert adviceinsight generationcoordinationrecommendation development
Certifications
CISSP
