Provide cybersecurity risk assessments to support various US Army Product Managers developing products and systems for fielding to warfighters.
Essential Job Functions:
Experience with the Risk Management Framework (RMF) process.
Perform product risk assessment audits and scans IAW DODI 8510.01 Risk Management Framework process.
Work with the Information Security System Manger-Organization (ISSM-O) to ensure product scans are done in a timely manner.
Advise appropriate Government senior leadership or Authorizing Official of changes affecting the Information Assurance (IA) posture of the organization and its programs.
Review Authorization To Operate (ATO) packages for compliance to RMF process using the Enterprise Mission Assurance Support Service (eMASS).
Review product Cybersecurity Strategy and Program Protection Plans for compliance with current Army regulations and policies.
Ensure plans of actions and milestones (POAMs) or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
Ensure that IA inspections, tests, and reviews are coordinated for the network environment.
Travel up to 10% of the time.
Due to sensitivity of customer related requirements, U.S.Citizenship is required.
Bachelor's degree in Cybersecurity.
DOD Secret clearance.
Twelve (12) years’ experience working in cybersecurity field.
Certified Information Security Manager (CISM) certification.
Experience using eMASS.
Ability to interface with different levels and expertise of Army Product Management development personnel and Program Executive Officer level personnel.
Knowledge of Cybersecurity IAW DODI 8500.01 Cybersecurity and DODI 5200.39 Critical Program Information (CPI) Identification and Protection Within Research, Development, Test and Evaluation (RDT&E).
Knowledge of the Federal Information Security Management Act (FISMA) of 2002.
Knowledge of FIPS PUB 199 Standards for Security Categorization of Federal Information Systems.
Knowledge of DODD 8115.01 Information Technology Portfolio Management and the governance process prescribed in this instruction.
Knowledge of National Institute of Standards and Technology (NIST) special publication (SP) 800-37 and SP 800-53.
Knowledge of Information Security auditing and product scanning.
Working knowledge of MS Office to include: MS Word, MS Power Point, and MS Excel.
Working knowledge of SharePoint.
Previous experience working in an Army Product or Project Manager organization supporting cybersecurity activities.
Certified Information Security System Professional (CISSP) certification.
Master's Degree in Cybersecurity.