Tuesday, November 28, 2023 04:31

Cybersecurity Specialist Mid – Security Auth/OA/Document Review

Responsibilities

  • Responsible for RMF ATO compliance review of information system and program security plans, assessments, risk packages, self-assessments, POA&Ms, and continuous monitoring data to validate risk remediation performance and management
  • Review information system and program POA&M closure, waiver, and risk acceptance requests to validate the information and advise federal staff on the soundness of request justification and evidence
  • Provide quality assurance of all security authorization documentation and other documentation that supports the system
  • Review, analyze, and manage DHS Performance Plan Metrics for assigned programs and systems; report any discrepancies to the Federal Compliance Manager, ISSO, and ISSM
  • Develop security authorization packages and other compliance documents to be routed for approvals and signature
  • Provide oversight of vulnerability and weakness management for MGMT systems
  • Prepare reports on the aggregate risk for systems in supported programs
  • Provide risk determinations in support of security authorization, weakness remediation, and audit activities
  • Attend SDLC/SELC project meetings for each DHS system; review system business requirements against NIST and DHS security control requirements to identify gaps and discuss solutions/mitigations; rate the risk of the identified gaps and raise them to the Federal Compliance Manager and Federal Information System Security Manager
  • Provide guidance and support to all MGMT systems on Ongoing Authorization (OA) processes and procedures. Review Ongoing Authorization documents and develop the OA Submission package and its contents.
  • Conduct monthly reviews of OA systems to ensure they are meeting OA program requirements
  • Organize, prepare, participate in, and sometimes run the monthly Organizational Risk Management Board (ORMB) meeting, including the release of meeting minutes to attendees
  • Validate that the System Control Allocation Table (CAT) is accurate and corresponds to the annual OA assessment frequency requirements
  • Conduct annual assessments as required for OA systems. Ensure the MGMT OA Program strictly abides by the DHS Ongoing Authorization Methodology
  • Draft and propose Standard Operational Procedures (SOP) as requested by the government and review/update all SOPs annually

Certifications

  • At least one of the following:
    • CISSP
    • CAP
    • CompTIA Security+

Qualifications

  • Must have a Bachelor’s Degree in Computer Science or related field
  • Must have an active Secret security clearance
  • Must have 4 years of relevant work experience
  • Excellent verbal and written communication skills
  • Ability to meet deadlines and work independently

Location

  • This position requires the candidate to come on-site to the facility twice a week (Tuesday & Thursday); work can otherwise be done remotely. The main facility is located in the National Capital Region within the DC Metropolitan area.

Salary

  • Salary is based on the number of years of relevant work experience the candidate has.

Please email your resume to our HR Recruiters