Cybersecurity – Information System Security Manager
Tukwila, California, United States of America
Full Time
3 hours ago
$130,900 - $189,750 USD
Visa Sponsor
Key skills
Cyber Security, IAM, Risk Management
About this role
Role Overview
Lead implementation and sustainment of DFARS/NIST SP 800-171 and Cybersecurity Maturity Model Certification (CMMC) controls for systems handling Controlled Unclassified Information (CUI)
Develop and maintain security documentation (including System Security Plans and POA&Ms)
Coordinate audits and remediation with program stakeholders and assessors
Drive ongoing monitoring to protect CUI in accordance with DFARS 252.204-7012 and CMMC requirements
Leads a team of ISSOs performing cybersecurity governance work on CUI, DFARS, and CMMC systems
Performs security analysis of operational and development environments, threats, vulnerabilities and internal interfaces to define and assess compliance with accepted industry and government standards
Oversees configuration management of assigned systems; audits systems to ensure security posture integrity
Conducts risk assessments and investigations, executes appropriate risk mitigations, and oversees incident response activities
Serves as organization spokesperson on advanced projects and programs
Acts as advisor to management and customers on advanced technical research studies
Interfaces with the appropriate government customers, suppliers, and company personnel to implement protective mechanisms and to ensure understanding of and compliance with cybersecurity requirements.
Requirements
Currently hold certification in good standing to satisfy IAM Level III (CISSP, GSLC, or CISM)
5+ years of experience with cyber security policies and implementation of Risk Management Framework (RMF)
3+ years of experience implementing and sustaining Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012/National Institute of Standards and Technology (NIST) SP 800-171 controls and mapping to Cybersecurity Maturity Model Certification (CMMC) requirements
5+ years of experience as an information system security officer (ISSO) or information system security manager (ISSM)
5+ years of experience utilizing security-relevant tools, systems, and applications in support of Risk Management Framework (RMF) to include Nessus, ACAS, DISA STIGs, SCAP, Audit Reduction, and HBSS
5+ years of experience assessing and documenting test or analysis data to show cyber security compliance.