Senior IA Policy & Compliance RMF Lead

Responsibilities & Qualifications

We are seeking a Senior IA Policy & Compliance/RMF Lead to join our TekSynap “West” team.

REQUIRED QUALIFICATIONS

Experience

• Minimum of 12+ years of related IT experience

Certifications

• Active CISM or CISSO or FITSP-M or GCIA or GCSA or GCIH or GSLC or GICSP or CISSP-ISSMP or CISSP

• Complete DoD Enterprise Mission Assurance Support Service (eMASS) self-paced training within the transition-in period or 30 days after hiring.

• Complete DoD training Enterprise Mission Assurance Support Service-eMASS (EM22014) virtual training within task order transition-in. https://cyber.mil/training/emassem22014/

Education

• Bachelor's degree in a related field

Clearance

• Active Top- Secret clearance

RESPONSIBILITIES

• Ensures compliance with current and emerging RMF requirements for all capabilities and services.

• Risk Management Framework (RMF) is a DoD-mandated process for all systems, capabilities, services, network devices, and emerging capabilities operating on the DoDIN.

• Use established Government guidelines and reporting procedures.

• Coordinate with the Government Lead on overall priorities and changes to Government processes and procedures.

• Manage and maintain a valid, current eMASS record for each system, capability, service, or pilot identified in Specific Tasks, and those identified by the Government as emerging requirements. eMASS records may be classified, unclassified, or both.

• Utilize the RMF Knowledge Service, policy, and guidance in the accomplishment of all RMF tasks.

• Develop and submit a System Security Plan for each new eMASS record or child record.

• Apply all relevant control baselines and additional control overlays for each record.

• Assign all baseline security controls and RMF overlay controls.

• Assign inheritance per current DoD and Army continuous monitoring guidance.

• Update and maintain the software and hardware list to reflect any changes for each system, capability, service, or pilot.

• Update and maintain RMF records per site location, ensuring accurate hardware and software inventories, ACAS scans, and other unique site location data.

• Update and maintain PPS/firewall documentation to reflect any changes for each system, capability, service, or pilot.

• Ensure monthly production security scans are completed for each system, capability, service, or pilot and uploaded into the eMASS record.

• Ensure STIGs are routinely addressed at least quarterly, and controls are implemented and updated within the eMASS record.

• Update POA&Ms to reflect the results of the monthly security scans and STIG updates.

• Ensure POA&M items accurately reflect strong corrective actions or mitigations that reduce the security threat to the DoDIN-A, Army data, and Army customers.

• Verify that all remediation dates are achievable.

• Publish the POA&M workflow IAW with Government processes and procedures.

• Verify that applicable CTO POA&MS are saved into Artifacts, that the vulnerability is addressed within the eMASS POA&M, and that the POA&M workflow is released.

• Verify that system documentation is signed, reviewed on a yearly basis, and uploaded into the eMASS record.

• Complete the Annual Security Review and release the workflow.

• Update and maintain all other actions and functions within the eMASS record.

• Submit workflow for an ATO once all eMASS records actions are verified to be current and accurate; ensuring the workflow is complete and accurate and submitted 90 days prior to ATO expiration date.

• Attend monthly RMF updates on each system, capability, service, or pilot, as conducted to meet ATO suspense dates and development of new system authorizations.

• Responsible for performing and leading support of Certification and Accreditation (C&A) or other IA/CND Compliance and Auditing processes and inspections for all enterprise systems and networks

• Ensures validity and accuracy review of all associated documentation.

• Leads and performs compliance reviews of computer security plans, performs risk assessments, and validates and performs security test evaluations and audits.

• Analyzes and defines security requirements for information protection for enterprise systems and networks.

• Assists in the development of security policies.

• Analyzes the sensitivity of information and performs vulnerability and risk assessments based on defined sensitivity and information flow.

Overview

WORK ENVIRONMENT 

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of the job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.

• Location: Sierra Vista, AZ/Fort Huachuca, AZ
• Type of environment: Office
• Noise level: Medium
• Work schedule: Schedule is day shift Monday – Friday. May be requested to work evenings and weekends to meet program and contract needs.
• Amount of Travel: Less than 10%

WORK AUTHORIZATION/SECURITY CLEARANCE

U.S. Citizen

Active Top- Secret clearance

PHYSICAL DEMANDS

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is regularly required to use hands to handle, feel, touch; reach with hands and arms; talk and hear. The employee is regularly required to stand; walk; sit; climb or balance; and stoop, kneel, crouch, or crawl. The employee is regularly required to lift up to 10 pounds. The employee is frequently required to lift up to 25 pounds; and up to 50 pounds. The vision requirements include close vision, distance vision, peripheral vision, depth perception, and ability to adjust focus.

OTHER INFORMATION

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice

Additional Job Information

TekSynap is a fast growing high-tech company that understands both the pace of technology today and the need to have a comprehensive well planned information management environment. “Technology moving at the speed of thought” embodies these principles – the need to nimbly utilize the best that information technology offers to meet the business needs of our Federal Government customers. Apply now to explore jobs with us at www.TekSynap.com. 

We offer our full-time employees a competitive benefits package to include health, dental, vision, 401K, life insurance, short-term and long-term disability plans, vacation time and holidays. 

TekSynap is a drug-free workplace. We reserve the right to conduct drug testing in accordance with federal, state, and local laws. All employees and candidates may be subject to drug screening if deemed necessary to ensure a safe and compliant working environment.

By applying to a role at TekSynap you are providing consent to receive text messages regarding your interview and employment status.  If at any time you would like to opt out of text messaging, respond "STOP". As part of the application process, you agree that TekSynap Corporation may retain and use your name, e-mail, and contact information for purposes related to employment consideration. 

EQUAL EMPLOYMENT OPPORTUNITY

In order to provide equal employment and advancement opportunities to all individuals, employment decisions will be based on merit, qualifications, and abilities. TekSynap does not discriminate against any person because of race, color, creed, religion, sex, sexual orientation, gender identity, protected veteran status, national origin, disability, age, genetic information or any other characteristic protected by law (referred to as “protected status”). This nondiscrimination policy extends to all terms, conditions, and privileges of employment as well as the use of all company facilities, participation in all company-sponsored activities, and all employment actions such as promotions, compensation, benefits, and termination of employment. TekSynap is committed to ensuring that our online application process provides an equal employment opportunity to all job seekers, including individuals with disabilities. If you believe you need a reasonable accommodation in order to search for a job opening or to submit an application, please contact [email protected] for assistance.