OVERVIEW:
The Assessment & Authorization Specialist will be required to provide Certification and Accreditation support to advise and assist the stakeholders with the Lifecycle Assessment and Authorization (A&A) process, and develop a Systems Security Plan (SSP).
REQUIRED QUALIFICATIONS:
- Concentrate on overall technical and operational effectiveness of capabilities in coordination with the GTM and the Customer Staff management.
- Responsible for assisting and maintaining a formal Information Security Program that includes recommendations on continuous improvement of the processes and architectures supporting the overall Customer’s operational activities.
- Concentrate on overall technical and operational effectiveness of capabilities in coordination with the designated Customer's staff management.
- Maintain and make accessible documentation of all operational and business process activities in the form of Standard Operating Procedures (SOPs).
- Be responsible for assisting and maintaining a formal Information Security Program with their stakeholders.
- Monitor and track projects in the A&A queue.
- Analyze SSPs to develop an understanding of the customer's systems and applications.
- Coordinate A&A actions and system testing with appropriate security personnel.
- Develop risk assessments, recommend mitigating countermeasures, and write short, succinct risk assessment and certification reports for submission to the Chief Information Officer (CIO).
- Act as an A&A project registrar.
- Manage the A&A registration process.
- Maintain a document repository where A&A project documentation is stored and recorded, and register actions concerning project approvals to operate in the A&A database.
- Assemble and submit A&A packages to the Principal Accreditation Authority or Designated Accreditation Authority.
- Support the Customer’s product selection process, approving product changes and modifications.
- Review and approve product requests for procurements to ensure they meet the Customer's security requirements.
- Engage in technical meetings during the Customer’s project engineering process to provide security guidance in terms of policy and technical implementation of those policies.
- Produce and assist with production of technical artifacts required for A&A packages, such as the System Security Plan, Audit Strategy, Configuration Management Plan, Security Controls Traceability Matrix, and Project Plan of Action and Milestones.
- Monitor and address cyber risks such as malware, zero-day attacks, denial of service attacks, as well as associated mitigations regarding computer and network devices.
REQUIRED QUALIFICATIONS:
- Bachelor’s degree in management information systems, information assurance, computer engineering, or other closely related IT and cybersecurity discipline or equivalent work experience.
- Demonstrated experience in the Risk Management Framework (RMF) methodology.
- Demonstrated experience managing document repositories and databases.
- Demonstrated experience in the use of process tracking and document control software.
- Demonstrated experience with writing, communications, and briefing skills.
- Demonstrated experience providing technical guidance and oversight to both technical and non-technical senior-level personnel.
- Demonstrated experience organizing, planning and prioritizing multiple tasks to complete work on schedule.
- Demonstrated experience in INFOSEC policies, regulations, and guidance.
- Demonstrated experience with cyber risks such as malware, zero-day attacks, denial of service attacks, as well as associated mitigations regarding computer and network devices.
- Demonstrated pattern of excellent customer service skills and the ability to collaborate with customers at all levels.
DESIRED QUALIFICATIONS:
- Demonstrated experience with the Customer’s A&A process.
- Certified Information Systems Security Professional (CISSP).
- Demonstrated knowledge of the Customer’s standard project cycle.
- Demonstrated experience with the Customer’s diverse information technology infrastructure, including operating systems, major application systems, and network architecture.
CLEARANCE:
- Full Scope Polygraph minimum