Information Assurance Compliance II

Work Status: Full-Time

Location: Philadelphia, PA

Security Clearance: Secret

Requisition Number: CU-IAC-II-001

Job Summary:

The Information Assurance Compliance II will support efforts to integrate new technology with IT security standards, technical writing, governance, and policy development/ management required to develop, evaluate Information Assurance Assessment and Authorization (A&A) for servers and systems, and validation for systems.

Responsibilities:

• Provide DoD Information Assurance Certification & Accreditation Process (DIACAP) and Risk Management Framework (RMF) services.
• Perform validation of A&A packages and artifacts; implementation of security postures.
• Follow the most current applicable documents including: DON RMF Process Guide, DoD Instruction 8510.01, and the business rules of cognizant review offices for each package.
• Perform A&A Validation including their associated validation test procedures; associated validation artifact; validation plan and procedures; compliance status; validation tests; validation results/report and supporting documentation.
• Validate the confidentiality, integrity, and availability of systems, networks, and data in accordance with information systems programs, policies, procedures and goals.
• Develop procedures to ensure information systems reliability and accessibility; prevent and defend against unauthorized systems, network and data.
• Conduct risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks protection needs; conduct systems security evaluation, audits, and reviews; determine the residual risk of a package based on content and assessment results and documenting for the Security Controls Assessor's (SCA) and higher-level review.
• Conduct systems security reviews, audits, or evaluations, as appropriate, to ensure accreditation documents are accurate in the current risk posture of the system.
• Interpret and implement local information security and higher-level policies and procedures to ensure networks and information systems are reliable, accessible and protected against unauthorized access.

Requirements:

• Five years of practical experience in a cybersecurity or assessment and authorization (A&A) related field. Experience should include implementing and/or reviewing RMF and A&A lifecycle documentation in accordance with DON, DoD, NIST SP-800-37, and SP-800-53 Rev 4 policies; ensuring/validating the confidentiality, integrity, and availability of systems, networks, and information; and conducting risk and vulnerability reviews and assessments to ensure accreditation procedures were followed, and documenting non-compliance.
• CAP, GSLC, Security+ CE.
• Bachelor's degree in computer science, information technology, or an equivalent technical degree from an accredited college or university.