What You’ll Do

• Serve as the central point of contact to the customer and coordinate between personnel in all task areas within the program (i.e. Risk Management and Information Security Continuous Monitoring (ISCM), Information System Security Officers and System Security, and the Privacy Office).
• Provide technical and operational subject matter expertise in cyber risk management, the Risk Management Framework (RMF), OMB and FISMA guidance and mandates, NIST Special Publications, the Federal Risk and Authorization Management Program (FedRAMP), and program and project management involving Federal and Commercial shared services.
• Perform project management activities, including creating and updating project plans and actions, coordinating and tracking activities, and providing status reports.
• Shall be responsible for submitting all reports and deliverables.
• Shall be responsible for responding to all Government inquiries within timeframes based on criticality labels.
• Develop and conduct Risk Management Framework (RMF) briefings for existing information systems requiring Authorization to Operate (ATO) renewals.
• Prepare Security Impact Assessments (SIA’s) to determine if proposed changes to information systems warrant new Assessment & Authorization (A&A) packages.
• Establish advanced analytics to enable dashboarding capabilities for monitoring and governance of systems.
• Provide Continuous Monitoring reporting based on the organization’s Continuous Diagnostic and Mitigation (CDM) program.
• Perform control assessments and documentation updates for the supported systems.
• Maintain Interconnection Security Agreements (ISA) for information systems connecting to external entities.
• Maintain Plans of Action and Milestones (POA&Ms) in GRC tools and systems of record (e.g. Xacta), including creating, monitoring, closing, and reporting. 
• Coordinate Incident Response with Information Systems Security Managers (ISSMs) and System Owners (SO) to include all associated actions necessary to mitigate the risk to unit systems.
• Support risk analysis and approval process for deviation/exemption requests to organization-wide Web Filtering, SSL Inspection, Data Loss Prevention (DLP), and IT Configuration Management policies for perimeter network devices and defense capabilities.
• Provide recommendations for updates and support review and approval processes for organization Standard Technical Implementation Guides (STIG) for commonly sure software across the agency (i.e., Windows Desktop/Server, Web Browsers, Databases).
• Provide technical writing support for formal documentation reports, training materials, slide decks, and architecture diagrams.

Education + Requirements

• 19  years of relevant experience, or 
• AA/AS +17 years of relevant experience, or 
• BA/BS +15 years of relevant experience, or 
• MA/MS +13  years of relevant experience 

Significant expertise, deep knowledge, and practical experience with:

• Risk Management Framework (RMF) 
• NIST Special Publications (800 series)
• FedRAMP / Cloud Service Providers (CSPs) - auditing, compliance, risk, assessment, etc.
• Federal Continuous Diagnostics and Mitigation (CDM) program structure, component tools/capabilities, and requirements
• Xacta Risk Management Platform (Xacta 360 / Xacta.io),
• Vulnerability Scanning/Assessment tool data/outputs (e.g. Tenable/Nessus),
• Web Application Scanning/Assessment tool data/outputs (e.g. Accunetix),
• Cloud services/platform compliance and assessment tools (i.e. Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP)),
• Splunk and/or Elastic for reviewing federal Continuous Diagnostics and Mitigation (CDM) program datasets (e.g. BigFix/HCL, Microsoft Defender for Endpoint, etc.) 

Preferred Certifications

• PMP
• CISSP
• CCSP, CIPP, CAP, CASP / GSLC / CISM/CSM, or other industry-standard security certifications

Security Clearance

• U.S. citizenship
• Ability to achieve Public Trust or higher government clearance.