Information Assurance (IA) Manager

About The Position

Requirements

• Active Top Secret with SCI eligibility.
• CISSP or equivalent security certification. DoD Directive 8140.01 DCWF compliance - certification requirements; DoD Manual 8140.03 establishes baseline qualification for distinct work roles.
• Minimum 5+ years of experience in information assurance or cybersecurity.
• Strong understanding of the RMF steps.
• Hands-on experience with GRC Platforms for ATO and A&A package management.
• Strong working knowledge of NIST security control families and federal compliance frameworks.

Nice To Haves

• eMASS desired but not required.
• Experience supporting Marine Corps or DoD programs is highly preferred.

Responsibilities

• Oversee support of IA activities for assigned federal clients, including management and accurate reporting of OPDRS and related security tracking systems.
• Ensure full compliance with USMC security requirements pursuant to DoDD 5200.2, DoDI 8500.2, and DoD 8570.01-M.
• Advise Program Managers and ISSMs on all 18 NIST security control families, including PHI and PII overlays.
• Implement and maintain the DoD IA Risk Management Framework (DIARMF) in accordance with NIST requirements.
• Direct self-assessments and conduct IV&V activities as a certified Marine Corps Validator.
• Maintain ATO package currency, including MCCA packages within MCCAST, covering Ports, Protocols, and Services (PPS) updates.
• Manage A&A packages and provide certification recommendations to the Authorizing Official (AO).
• Conduct and manage Information Systems Continuous Monitoring (ISCM) planning and implementation.
• Perform vulnerability scanning using ACAS, Retina, and SCAP; develop, submit, and track POA&Ms.
• Track and report on IAVA/IAVB compliance and remediation.
• Supervise security tool operations including eMASS, F5, and ACAS Security Center.
• Provide and maintain Risk Analysis and Management documentation.
• Conduct IS environment cyber security assessments as required by DoD policy and regulations.
• Coordinate with internal and external entities, including penetration testing teams such as MFCC and CPT.
• Maintain and annually revaluate internal Cyber Security Policy and Standard Operating Procedures (SOPs).
• Write and maintain policy documentation addressing DIARMF security controls, System Security Plans (SSPs), and SOPs.
• Coordinate Annual Reviews for Contingency Planning and Incident Response.
• Investigate and respond to security incidents; conduct weekly IA briefings for new personnel.
• Ensure all personnel complete required System Authorization Access Reports (SAAR), DD Form 2875 prior to system access.
• Deny system access to any personnel who do not hold proper and current IA certifications.
• Ensure compliance with non-disclosure requirements in accordance with DoDI 8582.01.