Designated Authority/Official Representative

Location: Springfield, VA
Date Posted: 08-24-2018
Join ICES on a newly awarded contract impacting national security as a Designated Authority/Official Representative. These positions are located in Springfield, VA. All positions require an active/current TS/SCI security clearance with Counterintelligence Polygraph, and candidates must be willing and able to pass an additional polygraph as needed.
 
As a Designated Authority/Official Representative, specific responsibilities include, but are not limited to:
  • Select and allocate appropriate security controls for information systems based on data types
  • Identify, prioritize, and determine security risk impacts to the information systems and their data
  • Monitor information system’s Plan of Action & Milestones (POA&Ms) to confirm findings, recommendations, risk mitigation strategies, and milestones
  • Perform configuration management of a client central repository for authorization documentation (i.e., Body of Evidence (BOE)), which is maintained using an A&A workflow software application
  • Review and compile the BOE (i.e., security control allocations, security control implementations, test results, Security Assessment Reports (SARs), POA&Ms, risk acceptance recommendations, and risk mitigation strategies) to support the recommendation for client risk acceptance authorization decisions
  • Review SARs, verify test results, and create POA&Ms to document corrective actions with milestone completion dates
  • Assist in developing risk mitigation strategies, solutions, and recommendations by reviewing security test results, reviewing security control assessments, and participating in security design reviews and milestone decision boards
  • Develop and document risk assessment results and recommendations using identified threats, applicable vulnerabilities, and likelihood of occurrence within the context of client risk tolerances
  • Provide guidance to Program Managers (PMs) and Information Systems Owners (ISOs) for securing information systems in accordance with ICD 503, CNSSI 1253, and NIST SP 800-30, 800-37, 800-39, and 800-137
  • Provide guidance and recommendations concerning the impact to client risk management processes of new or revised IC and DoD policies, directives, and guidance
  • Promote an understanding and use of Enterprise Security Services (ESS) to enable consistent, efficient, and effective security control implementation throughout the System Development Lifecycle (SDLC)
Required Qualifications:
  • Hold and maintain a current, active TS/SCI U.S. Government security clearance
  • Bachelor’s Degree in Information Technology, Information Systems Security, Cybersecurity, or related field
  • 5+ years of relevant consulting or industry experience
  • Proven experience effectively prioritizing workload to meet deadlines and work objectives
  • Demonstrated ability to write clearly, succinctly, and in a manner that appeals to a wide audience
  • Proficiency in word processing, spreadsheet, and presentation creation tools, as well as Internet research tools
  • Hold or earn an IAT/IAM Level III security certification within 6 months of hire. Certifications include: CISSP, CISM, CISA, CASP, CCNP Security, GCED, GCIH, or GSLC.
Desirable Qualifications:
  • Strong communication skills and the ability to advise clients on technical designs, implementations, and solutions to protect against cyber security attacks
  • A&A (RMF) SME with experience engineering and/or architecting cyber security solutions
  • Understanding of cyber defensive architecture and technologies required to protect, detect, and respond to cyber threats and attacks
  • Understanding of fundamental cloud computing concepts
  • Knowledge of and experience with Federal security policies, regulations, standards, and processes including FISMA, FIPS, ICD, NIST, & CNSSI
 
 