Information Assurance NIST RMF

Company: General Dynamics
Location: Washington, DC, USA
Salary: $114750 – $155250
Type: Full-Time
Degrees: Bachelor’s
Experience Level: Senior

Requirements

  • Information Assurance
  • Information Security
  • Security Information
  • 7+ years of related experience
  • Active Top Secret with SCI eligibility and a T5 or T5R within the last 5 years
  • Bachelor’s Degree
  • In-depth knowledge and experience implementing NIST guidance relating to SA&A, including System Security Plans, Security Test & Evaluation Plans, Risk Assessments, Contingency Plans, and Business Impact Analysis
  • Communication skills required in one-on-one, team, and senior management settings
  • The ability to work and set priorities on multiple projects/tasks at once and operate in a dynamic, fast-paced team-oriented environment
  • Must have IAM Level III Certification (CISSP, CISM or GSLC)

Responsibilities

  • Perform all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction
  • Monitor, evaluate, and maintain systems and procedures to safeguard internal information systems, network, databases, and Web-based security
  • Stays current with headquarters' policies and provides recommendations for new or updated local policies, procedures and standards based on NIST 800-53 standards, headquarters changes, and best practices
  • Develops recommended new or updated local policies, procedures, and standards
  • Provides, in a timely manner, summary advisory and assessment reports outlining the effects of headquarters' policy changes or recommendations to local policies
  • Provides, in a timely manner, a Policy Change Summary Report for the development of new or updated policies, procedures, standards, strategies, network architecture, etc.
  • Utilize ACAS to scan systems, review scan results, and prioritize vulnerabilities
  • Create, in a timely manner, customized reports to recommend the best course of action to mitigate newly found vulnerabilities
  • Disseminate, in a timely manner, system scan results to technical team leads to facilitate system patching
  • Develops and tracks Plans of Actions and Milestones (POA&M) items to resolution in support of IA compliance
  • Conducts RMF compliant Security Assessment and Authorization (SA&A) in line with NIST and client guidance and directives for new and existing applications, systems, and programs
  • Submit all required documentation for obtaining an Authorization to Operate/Connect to the Approving Officer
  • Maintain Xacta records and RMF artifacts to support system accreditation
  • Provide monthly status reports of SA&A activities

Preferred Qualifications

    No preferred qualifications provided.