Authorization and Accreditation Lead

Redhorse Corporation, Chantilly, VA

About The Position

Redhorse transforms the way government uses data and technology to support its mission. We are seeking a highly experienced and mission-focused Authorization and Accreditation Lead to ensure the rigorous security and compliance of critical Sponsor programs. This role is central to managing the Authorization and Accreditation (A&A) lifecycle, requiring deep expertise in the Risk Management Framework (RMF) and agency-specific security processes. The successful candidate will serve as the primary cybersecurity liaison, developing and maintaining accreditation artifacts, overseeing continuous monitoring, and collaborating closely with engineering teams to integrate security into every phase of system operation.

Requirements

  • Security Clearance: Active TS/SCI with Polygraph is required.
  • Education and Experience (Tier 1): Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, Computer Engineering, or Information Systems AND 3+ years of combined professional experience in IT systems administration, cybersecurity compliance, IT system troubleshooting, and incident response.
  • Education and Experience (Tier 2): OR High School Diploma AND 8+ years of combined professional experience in IT systems administration, cybersecurity compliance, IT system troubleshooting, and incident response.
  • Specialized Experience: 6+ years of experience in a role such as an Information Systems Security Engineer (ISSE), specifically accrediting Sponsor programs.
  • Sponsor A&A Expertise: Demonstrated experience completing new system authorization and accreditation through the Sponsor’s Authorization and Accreditation (A&A) processes, procedures, security requirements, and systems (e.g., Greenlight).
  • Policy Knowledge: Experience in security policy development, counterintelligence principles, and the application of security controls.

Nice To Haves

  • Cloud Certification: Certified in AWS or an equivalent cloud technology.
  • Professional Certifications: Hold one or more of the following: Security+, Certified Information System Security Professional (CISSP), Certified Information Security Manager (CISM), or an equivalent security certification.

Responsibilities

  • Risk Management Framework (RMF) Execution: Lead and execute all activities across the entire RMF lifecycle: Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor.
  • A&A Artifact Development: Develop, review, and rigorously maintain all required accreditation artifacts, including System Security Plans (SSPs), Security Assessment Reports (SARs), Risk Assessments, and Plans of Action & Milestones (POA&Ms).
  • Compliance Monitoring: Monitor continuous compliance with established regulations and standards, including NIST 800-53, NIST 800-171, ICD 503, FedRAMP, FISMA, and specific agency policies. Prepare for and actively support audits, inspections, and formal security assessments.
  • Security Testing and Remediation: Conduct essential security activities such as vulnerability scanning, compliance checks, and risk assessments utilizing industry tools (e.g., Nessus or Tenable.sc), and manage the comprehensive tracking and resolution of identified weaknesses.
  • Documentation and Reporting: Create and maintain current security documentation, continuous monitoring strategies, incident response plans, and compliance reports. Deliver clear, concise briefings and status updates to program leadership and the Authorizing Official (AO).
  • Security Integration: Collaborate proactively with system owners, engineers, and developers to ensure security controls are correctly integrated into the system's design, development, and operational lifecycle.
  • System Security Liaison: Serve as the primary cybersecurity point of contact for assigned systems, ensuring clear, consistent, and effective communication with all internal and external stakeholders.