Role: Risk Management Framework Lead
Location: Fort Knox, KY OR Remote Position
Education/Certifications: BA/BS or MA/MS preferred; IAT Level II; Computing Environment Certification
Years of Experience: 5+
Clearance Level & Investigation: Secret
IA Cert Level (DoD 8570.01): IAT Level II (CySA+, CND, SSCP, GSEC, CCNA-Security, or Security+ recommended)
Computing Environment Certifications: Required
Job Description:
Qualifications:
- Serves as RMF Lead. Must have experience with RMF concepts and an understanding of each step of the RMF process.
- Must have experience working in the Army's RMF management package, Enterprise Mission Assurance Support Service (eMASS), as well as experience managing system vulnerabilities and the associated risk management documents: Plans of Action and Milestones (POA&Ms), Risk Acceptance Documents, and Waivers.
- Requires an understanding of the DISA Security Technical Implementation Guides (STIGs) and the ability to provide guidance to technical Subject Matter Experts (SMEs) based on those STIGs.
- Must have knowledge and understanding of a wide variety of IT system infrastructure and application development methodologies.
- Performs Certification and Accreditation (C&A) or other IA/CND compliance and auditing processes and inspections for all enterprise systems and networks; reviews all associated documentation for validity and accuracy.
- Performs compliance reviews of computer security plans, performs risk assessments, and performs security test evaluations and audits.
- Analyzes security requirements for information protection for enterprise systems and networks.
- Assists in the development of security policies.
- Analyzes the sensitivity of information and performs vulnerability and risk assessments on the basis of defined sensitivity and information flow.
- Professional certification at IAT Level II, as defined by DoD 8570.01-M, is required.
Specific Responsibilities:
- Support execution of the contract transition to ensure minimal disruption to vital business services and no service degradation during or after transition; ensure continuity of services while helping onboard personnel and jointly inventorying intellectual and real property.
- Supports operations under the Cybersecurity standards defined in all required regulations and directives.
- Provides real-time compliance, continuous monitoring IAW NETCOM's sampling requirements, routine assessments, and heightened scrutiny of the cybersecurity posture and associated risks for all Customer systems, which span more than 200 different system types.
- Delivers required reports listing compliant and non-compliant findings, vulnerabilities, Control Correlation Identifier (CCI), Security Technical Implementation Guides (STIGs), and Security Requirements Guides (SRGs) for each system assessed.
- Provides surge support, technical guidance, and expertise in the areas of Cybersecurity to support Customer, Mission Partners, IMOs, ISSOs, IS Owners, Software Developers, Network System, and Database Administrators IAW all related cyber regulations and directives; provide results in reports, briefs, and deliverables as required to the appropriate Government representative.
- Provide Cybersecurity surge support in the event of real world or additional requirements in support of RMF compliance checks and documentation review across authorization boundaries, including, but not limited to:
- Perform security review preparation for all security controls associated with RMF applicable to an assigned authorization boundary based upon the Confidentiality, Integrity, or Availability designation.
- Perform on site or off-site reviews of all information systems to audit and validate compliance with associated security controls.
- Serve as reviewers on audit teams during inspections, assessments, evaluations, audits, and similar events.
- Provide reports to the assigned Government representative as required.
- Provide reviews, validation, and deliverables that document the compliance or non-compliance of each finding or vulnerability against the applicable CCIs, STIGs, and SRGs, IAW RMF.
- Provide embedded Cybersecurity support across Customer or other supported organizations as required.