Our client is looking for a cybersecurity professional to manage the Risk Management Framework (RMF) process and review / update the Authority to Operate (ATO) and Authority to Connect (ATC) approval packages. You will perform as the primary security advisor on multiple systems. At least 4 years of experience a DoD Secret clearance and possession of an IAT II certification is required.
Location: Hybrid: Tampa FL (Fort McDill Air Force Base) and remote (onsite 4 to 5 days a week for the first couple of months then transitioned to 2 days a week).
Citizenship: U.S. citizenship is required
Clearance: Active DoD Secret clearance
The ideal candidate will:
- Provide solutions and recommendations to remedy security vulnerabilities threats to ultimately improve the protection of IT resources and to execute the MacDill AFB mission.
- Provide guidance to other assessors on the policies and procedures of the job.
- Provide detailed assessment findings using Governmentspecified processes and procedures.
- Utilize assessment results to identify trends and to improve IA training policies and processes.
- Utilize the RMF methodology to successfully implement an information technology process which shall effectively protect the elements information assets and its ability to perform its mission to include but not limited to Configuration Management.
- Utilize RMF tools such as (but not all encompassing) Enterprise Mission Assurance Support Service (eMASS) SNAP Information Technology Investment Portfolio System (ITIPS) and Grid Interconnection Approval Process (GIAP) system.
Responsibilities
- Conduct comprehensive IT security control assessments on systems identified within the scope of the contract.
- Provide an assessment on the severity of weaknesses or deficiencies discovered in the information system and its environment of operation and recommend corrective actions and or controls to address identified vulnerabilities.
- Review the System Security Plan (SSP) prior to initiating the security control assessment and ensure the plan provides a set of security controls for the information system that meet the stated security requirements.
- Advise the ISSM concerning impact values for confidentiality integrity and availability for the information on a system.
- Evaluate threats and vulnerabilities to information systems to ascertain the need for additional safeguards and controls to mitigate vulnerabilities.
- Review and approve the information system security assessment plan which is comprised of the SSP the Security Controls Traceability Matrix (SCTM) and the Security Control Assessment Procedures.
- Ensure security control assessments are completed for each information system and ensure controls are working as intended and these controls protect the confidentiality integrity and availability of IT resources at the appropriate levels.
- Prepare the final Security Assessment Report (SAR) containing the results and findings from the assessment at the conclusion of each security control assessment activity.
- For each completed site visit provide a visit report.
- Support compliance with RMF controls to include as necessary development of Plans of Action and Milestones (POA&Ms) and mitigation of control deficiencies.
- Evaluate security control assessment documentation and provide written recommendations for security authorization to the AO.
- Assemble and submit the security authorization artifacts to the AO (consisting of at a minimum the SSP the SAR the POA&M and a Risk Assessment Report (RAR).
- Assess the proposed changes to information systems their environment of operation and mission needs to determine if they are securityrelevant and could therefore affect system authorization.
- Use Security controls defined by the AO and lead ISSM.
Qualifications and Skills
- U.S. Citizenship.
- 48 years of experience.
- DoD Secret clearance
- Bachelor s Degree or equivalent work experience is highly preferred.
- Excellent listening skills effective and efficient oral and written communication skills.
- Strong written verbal communication and presentation skills no exceptions! Ability to speak at group events and to interface with customers.
- Solid time management planning organizational communication skills and ability to scope prospective engagements develop proposals and project plans.
- Possession of one of these IAT II (or other) certifications:
- CCNA Security
- CySA **
- GICSP
- GSEC
Security CE
CND
- SSCP
cyber