Senior IA Policy & Compliance/RMF Lead

TekSynap•Sierra Vista, AZ

12d•Onsite

About The Position

We are seeking a Senior IA Policy & Compliance/RMF Lead to join our TekSynap “West” team. T ekSynap is a fast-growing high-tech company that understands both the pace of technology today and the need to have a comprehensive well planned information management environment. “Technology moving at the speed of thought” embodies these principles – the need to nimbly utilize the best that information technology offers to meet the business needs of our Federal Government customers. We offer our full-time employees a competitive benefits package to include health, dental, vision, 401K, life insurance, short-term and long-term disability plans, vacation time and holidays. Visit us at www.TekSynap.com . Apply now to explore jobs with us! The safety and health of our employees is of the utmost importance. Employees are required to comply with any contractually mandated Federal COVID-19 requirements. More information can be found here . By applying to a role at TekSynap you are providing consent to receive text messages regarding your interview and employment status. If at any time you would like to opt out of text messaging, respond "STOP". As part of the application process, you agree that TekSynap Corporation may retain and use your name, e-mail, and contact information for purposes related to employment consideration.

Requirements

Active Top- Secret clearance
Active CISM or CISSO or FITSP-M or GCIA or GCSA or GCIH or GSLC or GICSP or CISSP-ISSMP or CISSP
Minimum of 12+ years of related IT experience
Bachelors degree in a related field
Complete DoD Enterprise Mission Assurance Support Service (eMASS) self-paced training within the transition-in period or 30 days after hiring.
Complete DoD training Enterprise Mission Assurance Support Service-eMASS (EM22014) virtual training within task order transition-in.
https://cyber.mil/training/emassem22014/

Responsibilities

Ensures compliance with current and emerging RMF requirements for all capabilities and services.
Risk Management Framework (RMF) is a DoD-mandated process for all systems, capabilities, services, network devices, and emerging capabilities operating on the DoDIN.
Use established Government guidelines and reporting procedures.
Coordinate with the Government Lead on overall priorities and changes to Government processes and procedures.
Manage and maintain a valid, current eMASS record for each system, capability, service, or pilot identified in Specific Tasks, and those identified by the Government as emerging requirements.
eMASS records may be classified, unclassified, or both.
Utilize the RMF Knowledge Service, policy, and guidance in the accomplishment of all RMF tasks.
Develop and submit a System Security Plan for each new eMASS record or child record.
Apply all relevant control baselines and additional control overlays for each record.
Assign all baseline security controls and RMF overlay controls.
Assign inheritance per current DoD and Army continuous monitoring guidance.
Update and maintain the software and hardware list to reflect any changes for each system, capability, service, or pilot.
Update and maintain RMF records per site location, ensuring accurate hardware and software inventories, ACAS scans, and other unique site location data.
Update and maintain PPS/firewall documentation to reflect any changes for each system, capability, service, or pilot.
Ensure monthly production security scans are completed for each system, capability, service, or pilot and uploaded into the eMASS record.
Ensure STIGs are routinely addressed at least quarterly, and controls are implemented and updated within the eMASS record.
Update POA&Ms to reflect the results of the monthly security scans and STIG updates.
Ensure POA&M items accurately reflect strong corrective actions or mitigations that reduce the security threat to the DoDIN-A, Army data, and Army customers.
Verify that all remediation dates are achievable.
Publish the POA&M workflow IAW with Government processes and procedures.
Verify that applicable CTO POA&MS are saved into Artifacts, that the vulnerability is addressed within the eMASS POA&M, and that the POA&M workflow is released.
Verify that system documentation is signed, reviewed on a yearly basis, and uploaded into the eMASS record.
Complete the Annual Security Review and release the workflow.
Update and maintain all other actions and functions within the eMASS record.
Submit workflow for an ATO once all eMASS records actions are verified to be current and accurate; ensuring the workflow is complete and accurate and submitted 90 days prior to ATO expiration date.
Attend monthly RMF updates on each system, capability, service, or pilot, as conducted to meet ATO suspense dates and development of new system authorizations.
Responsible for performing and leading support of Certification and Accreditation (C&A) or other IA/CND Compliance and Auditing processes and inspections for all enterprise systems and networks
Ensures validity and accuracy review of all associated documentation.
Leads and performs compliance reviews of computer security plans, performs risk assessments, and validates and performs security test evaluations and audits.
Analyzes and defines security requirements for information protection for enterprise systems and networks.
Assists in the development of security policies.
Analyzes the sensitivity of information and performs vulnerability and risk assessments based on defined sensitivity and information flow.