The System Security Plan (SSP) Writer collaborates with System Subject Matter Experts (SMEs), known as Content Providers, to craft a comprehensive system Narrative outlining an information system and its security boundary.
Working alongside System SME(s), the SSP Writer formulates control responses aligned with NIST SP 800-53 R5 Security Controls.
Utilizing established practices, they document these control responses in a Governance, Risk, and Compliance tool.
Additionally, the SSP Writer initiates and oversees SSP Development Kickoff meetings, managing the SSP's progression through established milestones and timelines.
Any SSP findings are meticulously documented as Plan of Action and Milestones (POA&Ms) and continually monitored and updated by the SSP Writer.
Maintenance of the SSP, including updates to security control responses as POA&Ms are addressed or system components are modified, falls under the SSP Writer's purview.
They may also evaluate and offer feedback on SSPs written by fellow SSP Writers.
A System Security Plan (SSP) writer is someone who creates and maintains a System Security Plan, which is a document that outlines the security requirements for an information system.
Required Qualifications:
Bachelor's degree in Computer Science or a related technical field.
In-depth understanding of security protocols and principles.
Strong critical thinking abilities with a knack for solving complex problems.
Excellent verbal communication skills.
Extensive experience in technical writing.
Thorough understanding of security controls including NIST, HIPAA, CMS, COBIT, ITIL, and CCSFP.
Familiarity with security systems such as anti-virus applications, content filtering, firewalls, authentication systems, and intrusion detection and notification systems.
Comprehensive grasp of computer security services including Identity and Access Management, vulnerability and compliance scanning, and network security.
Experience in assessing the effectiveness of a system in meeting security controls.
Proficiency in managing small projects, including team management, scheduling, conducting meetings, and status reporting.
Demonstrated experience in the development, operation, and maintenance of security systems.
Proficiency in operating system and database security.
Knowledgeable in networking technologies, network security, and network monitoring solutions.
Skills and Qualifications:
Advanced technical degree preferred.
Security and/or project management certifications such as CISSP, CISM, PDP a plus.