Previous Job
External Compliance Consultant
Ref No.: 17-22328
Location: Woodlawn, Maryland
Start Date: 12/27/2017
 Required Skills:
Contractor support is requested to perform contractor state agency security reviews for partner agencies' systems used in electronic information exchange to ensure initial and ongoing compliance with SSA requirements. The SSA Division of Compliance and Assessments (DCA) performs approximately 100 or more cyclical onsite compliance reviews and approximately 15 onsite certifications visits annually.  The time, effort and resources have increased to the point that the required travel and administrative preparation for reviews affects the productivity of our limited staff.  Increasing our staff, augmenting it with contractor support and the modernization of some of our processes will provide the level of relief we require. Federal statutes require triennial reassessments, which will result in an additional 18 site visits per year.  SSA recently completed assessments of contractor hosted external systems used by the agency. DCA currently accomplishes external compliance reviews via government personnel.  We require contractor services to assist with evaluating the compliance review process, standard operating improvements and updates to our automation tools and documenting procedures.  We anticipate using the contractors to participate in the compliance reviews, to include traveling with our government personnel.  Additionally, contractor services will supplement the current government staff to perform security control testing at DDS sites and contractor hosted external systems facilities.  Government employees will lead all onsite activities that involve contractors.
Technical Skills Skill Years/Level of Experience
  Mandatory Federal laws, OMB / Client directives, NIST standards and guidelines 2+
    NIST 800-53A Rev. 4, NIST 800-53 Rev. 4, NIST 800-37 Rev. 1, NIST 800-30 Rev. 1, NIST 800-39, FIPS 2+
    Familiarity / knowledge of existing agreements with partner agencies & SSA 2+
  Security policies and procedures development and maintenance 2+
  Project Management 2+
Job Responsibilities
The scope of work shall include the following areas:
  • Risk Management,
  • Risk Analysis,
  • Vulnerability Assessment,
  • Development of Policies and Procedures to support DCA's Business Processes for Compliance Reviews for state agencies and DDS
  • Travel to support Security Reviews,
  • Technical Advisory functions,
  • Reviewing DDS System Security Plans (SSP),
  • Onsite Validation and Verification of DDS SSP content,
  • Performing Onsite Security Walkthroughs of DDS facilities,
  • Critical Administrative Support for Reviewers,
  • Modernizing Compliance Review (CRQ) and SDP Questionnaires, and
  • Configuring a Modernized, Robust and User-friendly Assessment Application/System
Contractors shall perform all tasks in accordance with all applicable Federal laws, OMB directives, and NIST standards and guidelines.