Stays current with headquarter’s policies and provides recommendations for new or updates to local policies, procedures and standards based on NIST 800-53 standards, headquarter changes, and best practices.
Develops recommended new or updated local policies, procedures, and standards.
Provides in a timely manner, summary advisory and assessment reports outlining the effects of headquarter’s policy changes or recommendations to local policies.
Provides in a timely manner, a Policy Change Summary Report for the development of new or updated policies, procedures, standards, strategies, network architecture, etc.
Vulnerability Management Expertise:
Utilize ACAS to scan systems, review scan results, prioritize vulnerabilities.
Create in a timely manner, customized reports to recommend the best course of action to mitigate newly found vulnerabilities.
Disseminate in a timely manner, system scan results to technical team leads to facilitate system patching.
Develops and tracks Plans of Actions and Milestones (POA&M) items to resolution in support of IA compliance.
Security Assessment and Authorization Expertise:
Conducts RMF compliant Security Assessment and Authorization (SA&A) in line with NIST and client guidance and directives for new and existing applications, systems, and programs, including evaluation of organizational policies, procedures, and security measures and provide recommendations to system stakeholders for appropriate mitigation techniques or strategies in support of risk acceptance decisions.
Submit all required documentation for obtaining an Authorization to Operate/Connect to the Approving Officer.
Maintain eMASS records and RMF artifacts to support system accreditation.
Provide monthly status reports of SA&A activities.
Active Top-Secret clearance with SCI eligibility.
12 years of related experience in Information Assurance with at least 3 years of experience within each expertise area of security policy, vulnerability management, and security assessment and authorization.
Bachelor’s Degree and master’s degree (may substitute additional years of experience)
In depth knowledge and experience implementing NIST guidance relating to SA&A, including System Security Plans, Security Test & Evaluation Plans, Risk Assessments, Contingency Plans, and Business Impact Analysis, and applying applicable standards and guidance to managed systems.
Communication skills required in one on one, team, and senior management settings.
The ability to work and set priorities on multiple projects/tasks at once and operate in a dynamic, fast-paced team-oriented environment.
Must have IAM Level III Certification (CISSP, CISM or GSLC)
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.