Security Control Assessor I

About The Position

Requirements

• Seven (7) to Nine (9) years related experience
• Bachelor’s Degree in a related area or equivalent experience (Four (4) years)
• Minimum of four (4) years’ experience in SAP and Collateral Information Systems (IS) Security and the implementation of regulations identified in the description of duties.
• Must meet position and certification requirements outlined in DoD Directive 8570.01-M for Information Assurance Technician Level 3 or Information Assurance Manager Level 3 within 6 months of the date of hire
• Current Top Secret Clearance with SCI Eligibility
• Eligibility for access to Special Access Programs
• Willingness to submit to a Counterintelligence Polygraph
• Must be familiar with current security policy/manuals
• Must have the ability to work in a dynamic environment and effectively interact with numerous DOD, military/civilian personnel and industry partners
• Working knowledge of Microsoft Office (Word, PowerPoint, and Excel)
• Possess a high degree of originality, creativity, initiative requiring minimal supervision
• Willingness to travel within the organizational geographic Area of Responsibility (AOR) (note - could be extensive, and will include both air and ground transportation)
• Must be able to lift 50 lbs
• Excellent customer service via phone and face to face conversation, excellent written and oral command of English.

Responsibilities

• Perform oversight of the development, implementation and evaluation of IS security program policy; special emphasis placed upon integration of existing SAP network infrastructure
• Perform assessment of ISs, based upon the Risk Management Framework (RMF) or the JAFAN 6/3 process
• Advise the Government on any assessment and authorization issues
• Advise the Government on assessment methodologies and processes
• Evaluate Authorization packages and make recommendation to the AO and/or DAO for authorization
• Evaluate IS threats and vulnerabilities to determine whether additional safeguards are required
• Advise the Government concerning the impact levels for Confidentiality, Integrity, and Availability for the information on a system
• Review and approve the IS Security Assessment Plan, which is comprised of the SSP, the SCTM, and the Security Control Assessment Procedures
• Ensure security assessments are completed for each IS
• At the conclusion of each security assessment activity, prepare the final Security Assessment Report (SAR) containing the results and findings from the assessment
• Initiate a Plan of Action and Milestones (POA&M) with identified weaknesses and suspense dates for each IS based on findings and recommendations from the SAR
• Evaluate security assessment documentation and provide written recommendations for security authorization to the Government
• Develop recommendation for authorization and submit the security authorization package to the Government
• Assess proposed changes to ISs, their environment of operation, and mission needs that could affect system authorization
• Ensure approved procedures are in place for clearing, purging, declassifying, and releasing IS memory, media, and output
• Assist Government in compliance inspections
• Assist the Government with security incidents that relate to cybersecurity and ensure that the proper and corrective measures have been taken
• Assess changes within the IS boundary that could affect the authorization of the boundary
• Ensure that IS requirements are addressed during all phases of the system life cycle