POA&M Manager

Clearance Level
None
Category
Cyber Security
Location
Washington, District of Columbia

REQ#: RQ81466

Travel Required: None
Public Trust: None
Requisition Type: Regular

General Dynamics Information Technology is a premier provider of high-tech IT solutions to the government IT market. We deliver cost-effective, next-generation IT solutions and services to the Department of Defense, the intelligence community and federal civilian agencies as they modernize their information systems.

Job Description

The Federal Energy Regulatory Commission (FERC) is an independent agency that regulates the interstate transmission of electricity, natural gas, and oil. FERC also reviews proposals to build liquefied natural gas (LNG) terminals and interstate natural gas pipelines, and licenses hydropower projects. GDIT provides IT security support services to the office of the FERC CIO. The GDIT team supporting FERC has a position opening for a POA&M Manager to aggressively manage and help FERC close its backlog of POA&Ms. The well-qualified candidate will be an analytical, detail-oriented, self-starter ISSO with a deep understanding of the Risk Management Framework (RMF), experience preparing and managing POA&Ms, excellent communication and facilitation skills, and a customer service orientation.

Responsibilities:

  • Collaborate with ISSOs and system owners to document and manage POA&Ms for the client database.
  • Responsible for ensuring an appropriate operational security posture is maintained in coordination with ISSOs and controls testers.
  • Maintain the integrity of the POA&M database to ensure data is correct, update POA&Ms, and provide guidance to correct or mitigate risks.
  • Additional responsibilities include facilitation of monthly client meetings and collection/submission of artifacts for testing.
  • Identify, locate, and inventory all CIO governance documents, including policy documents and SOPs.

Mandatory Qualifications:

  • Must be a US Citizen.
  • BA or BS, preferably in Engineering, Computer Science, Information Systems, or a related science degree.
  • Knowledge of 800-53 requirements and implementation methods.
  • Ability to understand RMF processes and security best practices to support ISSOs and controls testers on the rigor of the POA&Ms.
  • Demonstrated experience performing risk management activities such as preparing POA&Ms and risk assessment reports.
  • Ability to review all proposed vulnerabilities to be able to create POA&Ms or recommendations for risk acceptance/waivers.
  • Strong communication and facilitation skills.
  • Self-starter with a strong customer service orientation.

Identifies security risks and exposures, determines the causes of security violations and suggests procedures to halt future incidents and improve security.

Develops techniques and procedures for conducting cybersecurity risk assessments and compliance audits, for evaluating and testing hardware, firmware, and software for possible impact on system security, and for investigating and resolving security incidents such as intrusions, fraud, attacks, or leaks.

Provides guidance and leadership to less-experienced cybersecurity personnel.

Desired Qualifications: BA/BS (or equivalent experience), 5+ years of experience

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.