Delaware Nation Industries, Inc

Information Assurance Analyst (OIG)

Job Locations: US-VA-Arlington
ID: 2024-2452
Category: Field Employee

Overview

The purpose of this task order is to provide professional service personnel to support the OIG Office of the Executive Director, IT Operations Directorate, through subject matter expertise with project management for large, complex projects related to EX/IT’s mission-centric approach to IT operations focused on customer service, collaboration, and innovation.

OIG is seeking support from a contractor to assist the Government in providing project management and business analyst support services for the U.S. Department of State, Office of Inspector General (OIG). The objective is to support EX/IT and OIG program office mission needs by identifying business requirements, initiating and managing projects, and supporting a comprehensive approach to IT across OIG. All work must conform to OIG’s enterprise policies and procedures, including but not limited to IT governance and management.

Responsibilities

  • Support system assessment and authorization (A&A) activities and advise the Government on recommended security control implementations and risk mitigations.
  • Develop systems security plans and associated documents (FIPS 199, contingency plan, incident response, configuration management, continuous monitoring, etc.) to meet Federal Information Security Modernization Act (FISMA) and NIST Risk Management Framework standards in support of third-party assessments and system authorization.
  • Work closely with stakeholders to understand business processes, and through research and vendor outreach, identify and recommend compensating controls to mitigate risks
  • Perform pre-assessment control reviews, gather artifacts, complete system security and associated plan updates, and other documentation review and updates
  • Support development and maintenance of security controls for cloud solutions
  • Advise CISO or Authorizing Official of changes affecting the organization's cybersecurity posture.
  • Assist CISO and support staff by providing timely advice, guidance, and templates to complete required tasks and documentation
  • Support annual incident response and contingency plan training and testing activities.
  • Complete review of system and application configuration settings using automated and manual methods
  • Complete vulnerability scanning and evaluation of assets. Compile data to assist remediation activities; coordinate with staff to implement corrective actions. Assist in the development of POA&Ms for outstanding risks
  • Coordinate with staff to research and resolve security concerns and revise documentation
  • Assist in the preparation of official memorandums, such as Authorizing Official risk acceptance, POA&Ms, and various appointment letters
  • Research questions and requests; make recommendations based on cybersecurity policy
  • Support the configuration management process through the completion of security impact analyses

Qualifications

  • 5-7 years of federal government knowledge and experience in applying and implementing the NIST Risk Management Framework and Special Publications 800-53, 800-37; FedRAMP, NIST Cybersecurity Framework, and other FISMA requirements
  • Experience in configuring and running vulnerability and configuration compliance (SCAP) scans, troubleshooting issues, and analyzing data to identify trends and recommend remediation actions
  • Experience in researching different types of technical security threats and recommending mitigating actions. Proficient in calculating risk using NIST SP 800-30 to determine threat likelihood and impact.
  • Proficiency in writing and maintaining system security plans, information security policies, and official memorandums intended for executive leadership
  • Familiarity with use of Information Technology Infrastructure Library (ITIL), Capability Maturity Model Integration (CMMI), and/or Project Management Professional (PMP) processes
  • Desired certifications: Certified Information Systems Security Professional/Certified Information Security Manager (CISSP/CISM), PMP

 
