A&A Technical Site Lead / Deputy Project Manager

About The Position

Requirements

• US Citizenship required and hold DOD Secret or higher clearance.
• Intimate understanding of NIST RMF implementation guidance.
• 10 plus years of cyber (Cloud, ISSM, ISSO), Networking and Systems Engineering
• 5 plus years lead or management experience
• Hands-on experience with using eMASS or similar Information Assurance tools.
• Extensive knowledge of cloud environments such as Microsoft Azure and AWS.
• Well-developed understanding of Federal Civilian or DHS Security Assessment and Authorization (SA&A) processes.
• In-depth understanding of the relevance of NIST Security Controls and Control Implementation methodologies to the SA&A process.
• Experience analyzing vulnerability scans and STIG implementations.
• Can demonstrate understanding of critical documentation required in Security Authorization (SA) Packages.
• Ability to understand and support Privacy Compliance Activities to include the development of Privacy Impact Analysis (PIA), Privacy Threshold Analysis (PTA), and Statement of Record Notices (SORN).
• DoD 8570/8140 IAT III baseline certification (e.g., CISSP, CISM, CISA, CCNP Security)
• CSSP-AU certification - must obtain within 60days of employment.
• Knowledge/Familiarity with DoD 8500, DoD 8510, DHS 4300 A and B, NIST SP 800-18, 60, 70, 53, 53A, 137, IACS, CMRS, COAMS, JIMS, Swimlane, Governance, Risk, and Compliance, POA&M (i.e., Management, Assessment, etc.), ERS, FISMA, Knowledge Service, ACAS, Tanium, Power BI, Project/Program Management, TASKORD (i.e., FRAGO, CTO, etc.), and Data Calls (i.e., OIG Audit, etc.)

Nice To Haves

• Well-developed understanding of Systems Development Lifecycle (SDLC) and ideally the DHS Systems Engineering Lifecycle (SELC) process as it relates to Security Assessment and Authorization (SA&A).
• Relevant DOD, DHS or .gov Cyber Security Information Assurance focused experience with specific current hands-on experience researching, writing, and submitting complete A&A documentation packages for new system authorizations.
• Typically has a University Degree (BA/BS) or equivalent experience and minimum 5 years related work experience.

Responsibilities

• Serve as onsite Project Manager and representative of assigned department for meetings and efficiently lead internal resources to meet established milestones and targeted completion dates.
• Provide guidance, coaching and training to 10+ employees of assigned teams.
• Review security control package submissions from validator staff.
• Subject Matter Expert in the Risk Management Framework Steps 0 to 7.
• Demonstrate experience applying the Risk Management Framework (RMF) to cloud environments, including assessing and mitigating cloud-specific risks
• Provide the United States Coast Guard (USCG) with tailored documentation to support their security authorization.
• Plan and execute security control assessments for various information systems within the organization.
• Develop and maintain assessment procedures and methodologies aligned with NIST guidelines and other relevant frameworks.
• Analyze and evaluate the effectiveness of implemented security controls.
• Identify vulnerabilities, weaknesses, and potential risks in information systems and infrastructure.
• Prepare detailed Security Assessment Reports (SARs) documenting findings and recommendations.
• Collaborate with system owners, ISSOs, and other stakeholders throughout the assessment process.
• Verify the implementation of remediation actions and conduct follow-up assessments as needed.
• Provide expert advice on the development and maintenance of System Security Plans (SSPs) and Plans of Action and Milestones (POA&Ms).
• Stay current with evolving cybersecurity threats, technologies, and best practices.
• Validate security control implementation and provide test results.
• Hands-on experience in assessing RMF Step 4 and performing continuous monitoring.
• Examine security control weaknesses and determine if they are producing the desired intent.
• Deep understanding of Vulnerability Management practices.

Benefits

• Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.
• We offer competitive compensation, benefits and learning and development opportunities.
• Our broad and competitive mix of benefits options is designed to support and protect employees and their families.
• At CACI, you will receive comprehensive benefits such as; healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits.