Responsibilities
- Exercise authority over cybersecurity for designated information systems, ensuring security measures are properly applied, sustained, and continuously observed across the system lifecycle.
- Lead end-to-end execution of the Risk Management Framework (RMF), covering system classification, control selection and implementation, assessment, authorization, continuous monitoring, and risk mitigation.
- Manage and coordinate Interim Authorization to Test (IATT), Authorization to Operate (ATO), Authorization to Connect (ATC), and similar processes, ensuring timely preparation, submission, and upkeep of accreditation documentation.
- Create, update, and evaluate System Security Plans (SSPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), security policies, procedures, and continuous monitoring records.
- Provide technical supervision, mentorship, and quality review for Information System Security Officers (ISSOs) managing daily cybersecurity operations.
- Act as the primary cybersecurity point of contact for the Authorizing Official (AO), Security Control Assessor (SCA), system owners, and government stakeholders, delivering clear updates on risk, compliance, vulnerabilities, and authorization decisions.
- Perform and oversee cybersecurity risk evaluations, vulnerability analyses, security impact assessments, remediation planning, and POA&M tracking to minimize organizational risk.
- Collaborate with system administrators, network engineers, software developers, systems engineers, cloud engineers, and mission partners to ensure effective implementation and maintenance of security controls.
- Evaluate proposed changes to systems, architecture, software releases, and new technologies to assess cybersecurity implications and preserve authorization status.
- Support cybersecurity engineering throughout system design, integration, testing, deployment, and sustainment phases.
- Prepare for and assist in cybersecurity audits, inspections, assessments, and compliance reviews conducted by government and external entities.
- Support incident response, cybersecurity investigations, and reporting, ensuring proper documentation and corrective actions are executed.
- Develop and deliver cybersecurity awareness materials and training for technical staff and system users.
- Produce executive-level briefings, risk analyses, compliance reports, and technical recommendations for senior government decision-makers.
Other
This position is dependent on contract award and funding availability.