Cybersecurity and Records Management Subject Matter Expert

Clearance Level
Cyber Security
Sembach, Germany

REQ#: RQ90502

Travel Required: Less than 10%
Public Trust: SSBI (T5)
Requisition Type: Regular

Cybersecurity Policy and Planning Support:
•    Support the government in providing technical assistance in support of the government inspections and Staff Assisted Visits (SAVs).
•    Support administration, drafting, reviewing, updating policy and guidance that implements Federal and DoD policies and requirements based on local command policies and environments.
•    Drafting, providing annual review, editing, updating, analyzing, and recommending guidance to Standard Operating Procedures (SOPs), Tactics, Techniques, & Procedures (TTPs) and Plans of Action and Milestones (POAMs) for the customer.
•    Assists in collecting, compiling, and reporting Army Portfolio Management System (APMS), and Federal Information Security Management Act (FISMA), or successor program compliance metrics for the customer’s Cyber Division unclassified and classified networks, devices, personnel, and systems using the Enterprise Mission Assurance Support Service (eMASS).
•    Support the government in formulating and documenting technical approaches to review, establish, and maintain standards and site security procedures.
•    Coordinates Cybersecurity Readiness / Site Assistance Visits.
•    Assists with developing a SAV Plan, including logistics for executing, TTPs, schedule, roles/responsibilities of involved parties.
•    Supports a Commander’s Cybersecurity Program by conducting SAV and unannounced cybersecurity compliance visits in order to assist subordinate units with the framework necessary to secure information, including its associated system resources.
•    As part of SAV, assists in performing security audits (via spot check) and identifying security gaps in security architecture, resulting in recommendations for inclusion into the risk mitigation strategy.
•    Plan and recommend modifications or adjustments based on SAV or Command Cyber Readiness Inspection (CCRI) results or system environment review.
•    Review and provide recommendations based on site Disaster Recovery/Disaster Recovery Plan (DR (DRP))/Continuity of Operations (COOP)/Contingency Business Continuity (CBCP) and Incident Response (IRP) plans and documented results of DR/COOP exercises to validate compliance of actions taken to prevent, protect, and defend information and information systems.
•    Implement approved SAV procedures per the USAREUR-AF G6 Cyber Division and USAREUR-AF Cyber Playbook at inspected sites for unclassified and classified networks, devices, and systems.
Information Assurance / Cybersecurity Program Management Support:
•    Provides expertise to assist in the resolution of computer security incidents and vulnerability compliance.
•    Recommends best business practices and secure methodologies where required to maintain and/or improve the security posture of Information Systems (IS), the network, and remedy deficiencies.
•    Recommends best business practices and secure methodologies where required to maintain or improve the security posture of IS and the network and mitigate vulnerabilities. 
•    Provides expertise in assessing, documenting, and reporting vulnerabilities due to evolving technologies.
•    Provides input to the Risk Management Framework (RMF) process activities and related documentation.
•    Provides technical support for the review of internal processes, such as incident reporting and trouble ticket handling; recommend and document process improvements. 
•    Identifies and documents deviations from approved configurations within eMASS. 
•    Assists in the collection, compilation, and reporting of Information Assurance Vulnerability Management (IAVM) for unclassified and classified networks, devices, and systems.
•    Tracks site application of security patches for commercial products integrated into system design to meet the timelines dictated by the management authority for the intended operational environment and ensure compliance. 
•    Provide technical expertise and support of patch management, software distribution, operating system deployment, network access protection and hardware and software inventory using System Center Configuration Manager (SCCM).
Risk Management / Accreditation Support:
•    Leverages the RMF repository (eMASS) of all documents required by the Agent of the Army Certification Authority (ACA) or other organizations.
•    Develops and presents briefings and documentation as requested.
•    Provides guidance and support for identifying, baselining, reviewing, implementing, and integrating security, operational and functional requirements into current and future systems architectures.
•    Assists in the application of security patches for commercial products integrated into the system design in order to meet the timelines dictated by the management authority for the intended operational environment, and ensure cybersecurity-enabled products or other compensating security control technologies in order to reduce the identified risk to an acceptable level, implement and/or integrate security measures for use in system(s) and ensure that system designs incorporate security configuration guidelines.
Army Records Information Management System support:
•    Creates, modifies, and approves records lists (ORLs) and views all unit records, ensuring compliance with and enforcement of Department of the Army (DA) policies and rules governing management information requirements.
•    Develops plans, goals, and objectives for Records Management program and implementation for the Army Records Information Management System (ARIMS).
•    Serves as liaison and point of contact for records management issues between Department of the Army and the local command.
•    Maintains up to date knowledge of information concerning government records management programs.
•    Recommends updates to policies and procedures to ensure compliance with established, approved, and implemented directives.
•    Establishes and promulgates necessary operating procedures to effectively control management of all records created.
•    Establishes and maintains an instructional and informational material program necessary to standardize and sustain the records management program.
•    Oversees the management, control, maintenance, and proper retirement of multimedia, hard copy, record copy, and permanent documents.
•    Serves as the Primary Records Manager and coordinates support for subordinate units.
•    Coordinates and promotes records management program with Staff and subordinate activities.
•    Conducts records management surveys and site visits to subordinate activities.
•    Conducts research and analysis to recommend necessary action to resolve records management problems and improve efficiency and sustainment of the program.
•    Develops and implements policies and procedures related to records management programs to ensure compliance with local command, DOD, and Army regulatory requirements and program effectiveness. 
Freedom of Information Act (FOIA) and Privacy Act (PA) Subject Matter Expert:
•    Serves as the FOIA and PA technical expert.
•    Directs, interprets, and ensures compliance with FOIA and PA.
•    Determines which records may be released or withheld from disclosure and those requiring paper-by-paper review.
•    Ensures requests are properly processed in accordance with statutory and regulatory requirements.
•    Remains abreast of changes in statutory laws as they relate to disclosure or denial of FOIA or PA requests.
•    Interfaces with higher headquarters staff activities, legal authorities, and unit commanders to ensure all FOIA and PA report responses meet established statutory requirements.
•    Creates, produces, and disseminates through classroom and technical means, a variety of PA and FOIA tools and training to meet regulatory requirements.
•    Establishes appropriate administrative, technical, and physical safeguards to ensure security and confidentiality of records and proper training for employees who deal with any of these records.
Budget Information Development:
•    Extracts and analyzes data for reports, metrics, standards, and development of budget information for information technology for the organization.
•    Provides recommendations and supporting data in support of budget projections and cost estimates based on historical data, current posture, and future changes or updates in IT requirements. 

Must possess a current, valid IAM III certification.
Experience with Army Records Management and FOIA is required.
Knowledge of Army Operations and Air and Missile Defense operations is desired.
Must be able to pass German TESA.

DESIRED QUALIFICATIONS: BA/BS (or equivalent experience), 8+ years of experience

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.