Information Assurance Compliance Specialist II

Kiakahi
Philadelphia, PA
Onsite

About The Position

Kiakahi LLC is looking for an experienced Information Assurance Compliance Specialist II to join its team. This role involves providing Assess & Authorize (A&A) and Assess Only (AO) support, conducting risk and vulnerability assessments, performing security assessments and testing, monitoring and analyzing security data, and supporting RMF continuous monitoring. The specialist will be responsible for collecting and evaluating system information, developing and maintaining RMF packages, conducting security evaluations, executing assessment plans, analyzing logs and events, and ensuring compliance with various cybersecurity standards and directives.

Requirements

  • Bachelor's degree in Computer Science, Information Technology, or a related technical degree from an accredited college or university.
  • Minimum: Three (3) years of professional experience in information assurance compliance
  • IAM Level 2 certification required.
  • Acceptable certifications include one of the following: CAP (Certified Authorization Professional), CASP+ CE, CISM (Certified Information Security Manager), CISSP or CISSP Associate, GSLC (GIAC Security Leadership Certification), CCISO, HCISPP
  • Operating System/Computing Environment (OS/CE) qualification as directed by Privileged Access Agreement and DFARS 252.239-7001 requirements
  • Active Secret security clearance

Nice To Haves

  • Four (4) years of professional experience in information assurance compliance

Responsibilities

  • Collect and collate system or site information and evaluate/document in eMASS the security posture of systems being assessed, authorized, and maintained
  • Develop, submit, and maintain RMF packages in accordance with DoD Instruction 8510.01, NAVSEA business rules, DON RMF process guides, and NAVSEA SOPs
  • Develop RMF package documentation including AO determination request packages, system PIT determinations, categorization forms, HW/SW lists, authorization boundary diagrams, defense in depth diagrams, PPSM lists, PIAs, security plans, POA&Ms, SAPs, STIGs, SARs, RARs, and security authorization packages
  • Develop or revise policies, plans, and strategy documents to meet RMF control family requirements including incident response plans, contingency plans, IAVM plans, configuration management plans, and physical security plans
  • Conduct risk and vulnerability assessments of planned and installed systems to identify vulnerabilities, risks, and protection needs
  • Conduct systems security evaluations, audits, and reviews
  • Determine residual risk of packages based on content and assessment results for Security Controls Assessor (SCA) review
  • Execute Security Assessment Plans (SAPs) by conducting on-site testing for afloat and PIT ashore systems
  • Execute STIGs, SRGs, ACAS scanning, and apply patches to obtain cybersecurity compliance and remediate vulnerabilities
  • Develop and maintain POA&Ms in eMASS for all IA-related tasks and deliverables
  • Perform analysis of logs, events, and reporting of data collection tools including ACAS, HBSS, web content filters, SIEM, firewall systems, network devices, server devices, workstations, and IDS/IPS
  • Assess impacts from observed risks and report via the cybersecurity program chain of command
  • Conduct systems security reviews, audits, or evaluations to ensure accreditation documents are accurate
  • Develop and update all required eMASS documents including POA&Ms, RARs, and DISA STIGs at specified frequencies
  • Determine system compliance with all applicable controls and assessment procedures for DON systems
  • Ensure RMF artifacts comply with Navy/NAVSEA business rules, NIST SP-800-37, and SP-800-53 Rev 4
  • Perform evaluation of system administrator, security engineer, and system owner proposed corrections to ensure compliance
  • Present and submit data to management, develop reports, and produce procedural documentation
  • Manage, attend, and support Configuration Control Board practices
  • Track deliverables and action items in accordance with A&A guidance
  • Support cybersecurity technical writing as required

Benefits

  • Medical, dental, vision, disability, and life insurance
  • Flexible Spending Accounts
  • 401(k)
  • PTO
  • Professional Development
  • Paid federal holidays
  • Paid Parental Leave