Responsibilities and Duties:
· Support with assessment and authorization (A&A) efforts under the NIST Risk Management Framework (RMF) and FEDRAMP on behalf of a federal civilian agency as a contractor and identifying potential risks associated with system configuration and advise on possible mitigation strategies.
· Conduct cybersecurity analysis in preparation for A&A reviewing and validation of all associated cybersecurity documentation and technical controls
· Prepare and review System Security Plans (SSP), Contingency Plans, Business Impact Analyses (BIA), Plan of Action and Milestones (POA&Ms), Security Assessment Report (SARs), Security Assessment Plan (SAPs), and other documentation
· Work with and identify key stakeholders in support of A&A efforts and ensure system documentation reflects current system security configurations to include hardware and software components, data flow, interconnections, and ports, protocols, and services, etc.
· Participate in A&A status meetings and facilitate moving systems toward a successful A&A effort
· Assist with estimating the Level of Effort (LOE) involved with performing A&A activities and developing/maintaining schedules.
· Assist customer program offices in interpreting and applying mitigation strategies
· Conduct annual Continuous Monitoring Compliance Checks and analyze system assessment documentation for accuracy, compliance, and adherence to federal cybersecurity requirements
· Work with and identify key stakeholders for annual assessments as needed to include: conducting OMB A-123 compliance assessments and the high- level assessments of government shared services as needed
· Maintain cybersecurity policy and processes as assigned
· Manage and track systems or programs involved in the A&A process and as they cycle through RMF/FedRAMP.
· Develop and implement security related directives and guidance for Information Assurance; Information Technology; and Information Management.
· Develop and deliver Monthly POA&M & ATO Reports to Management
· Promote an environment of continuous process improvement, learning and team collaboration
Minimum Qualifications
· Must possess a bachelor’s degree in a related field
· TS/SCI eligibility
· 5+ years of experience in the following areas: Cybersecurity policy, procedures, and processes, including RMF and NIST 800-53 and A&A's
· One or more of the following certifications is desired (Security+, CAP, CISSP, CISM, GSEC, GCIH, or GSLC)
· Familiar with information security and assurance principles and associated supporting technologies
· Excellent customer service, organizational, and writing skills