Delegated Authorizing Official Representative 3

Responsibilities

• Responsible for identifying the overall security requirements for data protection, ensuring the implementation of appropriate information security controls, and performing and analyzing the security risk assessment, risk analysis, risk management process, security control assessments, and awareness activities for systems and networking operations.
• Provide assistance to ensure Cybersecurity functions are included in the configuration management process.
• Interact with customers, Information Technology (IT) staff, and high-level corporate officers in defining and achieving required Cybersecurity objectives for the organization.
• Contribute to building security architecture. Assist with the integration of legacy systems.
• Contribute to the acquisition/RDT&E environment and build cybersecurity into systems deployed in operational environments.
• Prepare security authorization documentation.

Minimum Qualifications

• Eight (8) years of experience as an IT Risk Assessor, System Security Engineer, Information Systems Security Manager or DAO in programs and contracts of similar scope, type and complexity is required. 
• A Bachelor’s Degree in Computer Science or IT Engineering. 
• In lieu of a Bachelor’s degree, an additional four (4) years of experience for a total of twelve (12) years.
• Working knowledge of the following is required: system security design process, defense-in-depth/breadth, engineering life cycle, information domains, cross-domain solutions, controlled interfaces, identification, authentication and authorization, system integration, ICD 503 (formerly NISCAP), risk management, intrusion detection, contingency planning, incident handling, configuration control, change management, auditing, security authorization process, principles of Cybersecurity (confidentiality, integrity, non-repudiation, availability, access control), and security testing.
• Required Certifications (one or more): CISM, CISSP (or Associate), GSLC, CCISO

Required Capabilities

• Perform security planning, security assessment, risk analysis, risk assessment, and risk management support activities
• Perform risk assessment and management to support the integration of legacy systems into the existing IT environment
• Review and analyze Cybersecurity built into systems to be deployed to operational environments
• Prepare risk assessment, plan of action, authorization recommendations, and related security authorization documentation
• Identify and support overall security requirements for data protection to ensure the implementation of information security policies, activities, and controls.
• Ensure Cybersecurity functions are included in the development and risk management process, particularly those focusing on infrastructure protection and defensive IT strategy.
• Facilitate interaction with customers, IT staff, and high-level corporate officers to assist in defining and achieving required risk management objectives for the organization.
• Support integration of legacy systems within the respective IT environment.