Performs comprehensive A&A tasks including package development, controls analysis, risk assessment, contingency planning, security test & evaluation, risk mitigation analysis, and technology assessments.
Utilizes application NIST and FIPS standards and guidance documents to register and complete accreditation packages in the DISA eMASS system.
Leads the RMF accreditation lifecycle for assigned systems from cradle to grave, managing stakeholder engagement, lifecycle progression, schedule development, accreditation package review, submission and validation.
Maintains and supports current and ongoing A&A packages to ensure an uninterrupted delivery of information technology systems for the organization.
Creates, manages, and maintains setup documentation and security policies for compliance and accreditation purposes for all programs, including SOPs, Policies, Procedures, Plans, etc.
Reports on assessment process status, participates in Independent Verification & Validation (IV&V) activities, conducts/oversees IV&V testing as required, and assists system certifiers during evaluations.
Develops and maintains organizational cybersecurity templates, policies, procedures.
Assists in leading training sessions provided by the division to the greater organization and preparing related training materials.
Comprehensive understanding of DoD/DHA IT Security and IA policies, directives, and publications; and shall maintain awareness of relevant cyber-related policy issues.
Comprehensive understanding of federal security regulatory requirements and security frameworks, including RMF, NIST SP 800-series, FISMA, FIPS, FedRAMP, etc.
Required Skills
REQUIREMENTS:
3+ years of
relevant experience supporting system security authorization processes under RMF and previous regulations
Four-year college degree
Secret clearance required
Must meet DoD 8570 requirements
Required Experience
Qualifications
REQUIREMENTS:
3+ years of
relevant experience supporting system security authorization processes under RMF and previous regulations