Role: IA Policy and Compliance Certified Professional – Intermediate
Location: Fort Knox, KY OR Remote
Education/Certifications: BA/BS or MA/MS preferred; IAT Level II; Computing Environment Certification
Years of Experience: 5+
Clearance Level & Investigation: Secret
IA Cert Level (DoD 8570.01): IAT Level II (Security+, CCNA-Security, GSEC, CySA+, CND, or SSCP recommended)
Computing Environment Certifications: Required
Job Description:
Qualifications:
- Performs Certification and Accreditation (C&A) or other IA/CND Compliance and Auditing processes and inspections for all enterprise systems and networks; ensures validity and accuracy review of all associated documentation.
- Performs compliance reviews of computer security plans, performs risk assessments, and performs security test evaluations and audits.
- Analyzes security requirements for information protection for enterprise systems and networks.
- Assists in development of security policies.
- Analyzes sensitivity of information and performs vulnerability and risk assessments on the basis of defined sensitivity and information flow.
- Must be professionally certified as Technical Level II as defined by DODI 8570.
Specific Responsibilities:
- Support Assessment, Authorization & Validation activities.
- Conducts and supports Traditional Security Reviews (assessments, evaluations, audits) as required and determined by Cybersecurity.
- Identifies and makes on-the-spot corrections to deficiencies and educates the user on current security standards/requirements IAW current cyber guidelines and DoD compliance standards.
- Supports assessments, evaluations, and other Audits for Customer-supported ISs, including such areas of review as IT Infrastructure, Applications, Databases, and processes that support the Customer Mission.
- Coordinates the collection, validation, and upload of RMF documentation artifacts into the eMASS portal and internal tracking mechanisms for all authorization boundaries and application ATOs and provides reports as required.
- Coordinates and manages RMDs, including Plans of Action and Milestones (POA&Ms), Risk Acceptance (RAC), Memoranda for Record (MFRs), Operational Impact Statements (OIS) and Waivers, for all assigned boundaries and application ATOs for approving signature, and delivers them to the assigned Government representative.
- Reviews and validates compliance or non-compliance IAW CCI, STIGs, and SRGs for each finding or vulnerability IAW RMF.
- Schedules and provides oversight of the Information System Contingency Plan (ISCP).
- Reviews and validates all supporting documentation required to meet Federal Information Security Management Act (FISMA) and National Institute of Standards and Technology (NIST) compliance, including System Security Plan (SSP), Threat Model, System View 1, System View 2, Incident Response Plan, Business Impact Analysis, and After Action Report.
- Reviews and validates all supporting documentation required to support maintenance of the Army Portfolio Management Solution (APMS) application records.
- Reviews and updates as needed all assigned Non-Secure Internet Protocol Router Network (NIPRnet) and Secure Internet Protocol Router Network (SIPRnet) TSPs and provides the updated TSPs to the assigned Government representative.
- In support of the RMF Assess Only process, follows documented requirements and validates risk analyses and assessments of software and hardware requests for items not on the approved product catalog, using triage worksheets and the approved tracking tools or ticket process, for Information System Security Manager (ISSM) approval or disapproval.
- Provides surge support, technical guidance, and expertise in the areas of Cybersecurity to support the Customer, Mission Partners, IMOs, ISSOs, IS Owners, Software Developers, Network System Administrators, and Database Administrators IAW all related cyber regulations and directives; provides results in reports, briefs, and deliverables as required to the appropriate Government representative.
- Provides Cybersecurity surge support in the event of real-world or additional requirements in support of RMF compliance checks and documentation review across authorization boundaries, including, but not limited to:
  - Perform security review preparation for all security controls associated with RMF applicable to an assigned authorization boundary based upon the Confidentiality, Integrity, or Availability designation.
  - Perform on-site or off-site reviews of all information systems to audit and validate compliance with associated security controls.
  - Perform as reviewers on audit teams during inspections, assessments, evaluations, audits, etc.
  - Provide reports to the assigned Government representative as required.
  - Provide reviews, validation, and deliverable efforts in support of compliance or non-compliance IAW CCI, STIGs, and SRGs for each finding or vulnerability IAW RMF.
  - Provide embedded Cybersecurity support across the Customer or other supported organizations as required.