Cybersecurity RMF Senior ISSO - Level 5

Job Description:


Seeking candidates with Risk Management Framework (RMF) experience. The candidate will serve in a Senior ISSO support role and perform tasks related to Assessment & Authorization (A&A) and cybersecurity to obtain and maintain Authorizations to Operate (ATOs) for assigned DoD medical systems (i.e., applications, networks, and devices). This position will be part of a team developing recommended courses of action needed to transition current policies and procedures to the RMF-approved processes.


Primary Responsibilities:
• Support Team Lead by assisting with the management and execution of RMF activities for various information systems
• Facilitate movement of information systems through the RMF process and maintain accreditations through continuous monitoring and annual reviews
• Provide solutions to complex problems that require the regular use of expertise and creativity. Problems are broadly defined, and solutions require the continuation of specialized theories and knowledge.
• Serve as Subject Matter Expert (SME) on one or more technologies/skills related to A&A activities
• Conduct risk and vulnerability assessments of information systems to identify vulnerabilities, risks, and protection needs
• Actively lead and participate in regular A&A status meetings with government and contract personnel to facilitate progress and address potential issues of RMF system efforts
• Participate in sessions aimed at identifying, planning, and executing strategies in response to emerging cybersecurity/RMF policies
• Maintain awareness and knowledge of evolving security and risk management standards and communicate and apply relevant changes to existing processes
• Provide training and support for team ISSOs as necessary

Day-to-day tasks may include the following:
• Lead or attend meetings with system stakeholders to discuss the status of efforts
• Submit weekly reports to leadership regarding system/program status
• Develop, update, and/or review RMF documentation to include Security Plans, Implementation Plans, Plans of Action and Milestones (POA&Ms), and Risk Assessment Reports
• Coordinate with other system SMEs to identify and develop authorization boundary diagrams, architecture diagrams, and hardware and software inventories
• Assess system compliance against NIST and Company security requirements to include the NIST 800-53 controls and DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs)
• Produce evidence as necessary to support the compliance status of NIST, DoD, and security requirements
• Work with system administrators, engineers, and developers to create or update system/site policies, procedures, and process guides
• Analyze vulnerability scans of information systems and assist in remediation tasks


Minimum Qualifications:
• Bachelor's Degree and fifteen (15) years of experience with Cybersecurity / Information Technology, or eighteen (18) years of hands-on experience with Cybersecurity / Information Technology
• Active DoD Secret security clearance
• DoD 8570-compliant
• Demonstrated expert-level experience with Risk Management Framework
• Experience working within DoD
• Demonstrated efficiency and expert-level experience in RMF package development, including POA&Ms (mitigation statements), Security Plans, Risk Assessments, architecture diagrams, asset inventories, and system/site policies, procedures, and processes
• Experience in assessing systems using NIST 800-53 and DISA STIGs and SRGs
• Familiarity and experience with the DoD tool eMASS
• Excellent customer service and organization skills
• Excellent oral and written communication skills
• Familiarity with NIST publications

Additional Qualifications a Plus:
• Experience with Assured Compliance Assessment Solution (ACAS) and Host Based Security System (HBSS)
• Experience in RMF policy development and strategy implementation
• Knowledge of Continuous Monitoring and Risk Scoring (CMRS)
• Knowledge of one or more of the following technologies:


o Medical devices


o Windows


o Linux/Unix


o Network Devices


o Databases - MS SQL, Oracle


o VMWare - Virtualization