Information Assurance Compliance II
Philadelphia, PA
Posted 11 months ago
Work Status: Full-Time
Location: Philadelphia, PA
Security Clearance: Secret
Requisition Number: CU-IAC-II-001
Job Summary:
The Information Assurance Compliance II will support efforts to integrate new technology with IT security standards, technical writing, governance, and policy development/management required to develop and evaluate Information Assurance Assessment and Authorization (A&A) for servers and systems, and validation for systems.
Responsibilities:
- Provide DoD Information Assurance Certification & Accreditation Process (DIACAP) and Risk Management Framework (RMF) services.
- Perform validation of A&A packages and artifacts; implementation of security postures.
- Follow the most current applicable documents including: DON RMF Process Guide, DoD Instruction 8510.01, and the business rules of cognizant review offices for each package.
- Perform A&A validation, including the associated validation test procedures; associated validation artifact; validation plan and procedures; compliance status; validation tests; validation results/report; and supporting documentation.
- Validate the confidentiality, integrity, and availability of systems, networks, and data in accordance with information systems programs, policies, procedures and goals.
- Develop procedures to ensure information systems reliability and accessibility; prevent and defend against unauthorized access to systems, networks and data.
- Conduct risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs; conduct systems security evaluations, audits, and reviews; determine the residual risk of a package based on content and assessment results, and document it for the Security Controls Assessor’s (SCA) and higher-level review.
- Conduct systems security reviews, audits, or evaluations, as appropriate, to ensure accreditation documents are accurate with respect to the current risk posture of the system.
- Interpret and implement local information security and higher-level policies and procedures to ensure networks and information systems are reliable, accessible and protected against unauthorized access.
Requirements:
- Five years of practical experience in a cybersecurity or assessment and authorization (A&A) related field. Experience should include implementing and/or reviewing RMF and A&A lifecycle documentation in accordance with DON, DoD, NIST SP-800-37, and SP-800-53 Rev 4 policies; ensuring/validating the confidentiality, integrity, and availability of systems, networks, and information; and conducting risk and vulnerability reviews and assessments to ensure accreditation procedures were followed, and documenting non-compliance.
- CAP, GSLC, Security+ CE.
- Bachelor’s degree in computer science, information technology, or an equivalent technical degree from an accredited college or university.