Lead Information Assurance

Company: Leidos
Location: San Antonio, TX, USA
Salary: $126,100 – $227,950
Type: Full-Time
Degrees: Bachelor’s, Master’s
Experience Level: Senior, Expert or higher

Requirements

  • Requires a BS and 12+ years of prior relevant experience, or a Master's with 10+ years of prior relevant experience; additional years of experience will be accepted in lieu of a degree.
  • DoD 8570 IAT level II or higher certification such as CompTIA Security+ CE, ISC2 SSCP, SANS GSEC.
  • Minimum of 3 years of hands-on experience conducting vulnerability assessments using the Assured Compliance Assessment Solution (ACAS), as well as Security Technical Implementation Guide (STIG) compliance tools such as Evaluate-STIG or SCAP.
  • Demonstrated familiarity with Department of Defense (DoD) cybersecurity standards, including direct experience working with DoD systems, tools, reporting mechanisms, and requirements for Certification and Accreditation (C&A) processes.
  • Proven experience developing and evaluating cybersecurity documentation, including Security Concepts of Operations (CONOPS), System Security Plans (SSPs), Security Risk Assessments, Plans of Action and Milestones (POA&Ms), Contingency Plans, and Configuration Management Plans. Experience managing security artifacts within governance tools such as XACTA and/or eMASS is required.
  • Must possess an active Secret clearance; the ability to obtain a TS/SCI clearance is required to be considered.

Responsibilities

  • Serve as the Information Assurance (IA) lead and primary point of contact for system owners, developers, ISSOs, ISSMs, and government stakeholders on all cybersecurity compliance matters.
  • Develop, implement, and maintain standardized processes and procedures for the ISSO team to ensure consistent execution of cybersecurity tasks.
  • Support the ISSO Team Lead in conducting lessons learned and continuous improvement activities to enhance team performance and efficiency.
  • Lead all phases of the Risk Management Framework (RMF) process, including system categorization, control selection, implementation, assessment, authorization, and continuous monitoring.
  • Prepare, maintain, and submit comprehensive security authorization packages (e.g., System Security Plans, POA&Ms, Security Assessment Reports) for systems pursuing or maintaining an Authority to Operate (ATO).
  • Ensure accurate implementation and documentation of NIST 800-53 security controls. Coordinate with Security Control Assessors (SCAs) to validate control effectiveness.
  • Establish and oversee continuous monitoring strategies, including vulnerability scanning, audit log reviews, and periodic control assessments.
  • Interpret and enforce applicable DoD, DISA, and NIST cybersecurity policies, ensuring systems comply with STIGs, SRGs, and other regulatory requirements.
  • Manage routine security scanning and compliance activities using tools such as ACAS (Tenable.sc/Nessus), SCAP Compliance Checker, and HBSS. Track and coordinate remediation of findings.
  • Collaborate with cybersecurity operations teams to develop, test, and support incident response plans, and provide technical assistance during security incidents.
  • Prepare and deliver cybersecurity status reports, metrics dashboards, and briefings to leadership and stakeholders.
  • Guide systems through the A&A process, ensuring compliance with DoD RMF and component-specific requirements. Maintain associated artifacts in eMASS.
  • Support internal and external audits, including Command Cyber Readiness Inspections (CCRI), by ensuring systems are audit-ready and documentation is current.
  • Maintain and update all Assessment & Authorization (A&A) documentation, including the Body of Evidence, for system lifecycle compliance.
  • Ensure accurate tracking of 800-53 control implementation status and regularly update STIG compliance records within eMASS.

Preferred Qualifications

  • CISSP
  • USAF cybersecurity experience or DoD equivalent.
  • TS/SCI