IT Audit Advisory Consultant

Knowledge Systems, LLC

Yesterday
Top Secret/SCI
CI Polygraph
IT - Support
Herndon, VA (On-Site/Office)

The candidate will be responsible for:
• Design, develop, and implement IT corrective action plans (CAPs) for self-identified deficiencies (SIDs) and external IPA findings
• Perform CAP validation testing for completed remediation activities
• Perform baseline review assessments (e.g., FISCAM) to assess system readiness and remediate identified deficiencies
• Monitor, track, and report on IT CAP statuses and third-party risk management (e.g., service providers)
• Develop risk-based approaches for prioritization of IT findings
• Perform advisory services for risk management framework (RMF) activities to support system team IT control implementations in accordance with financial management overlay
• Integrate leading practices for IT audit remediation

Required Qualifications:
• Must be a U.S. Citizen
• Active TS/SCI clearance adjudication, and ability to pass a CI poly
• 8 years of relevant experience and a Bachelor’s degree applicable to the position from an accredited college or university are required. A Master’s degree relevant to the position may be substituted for two (2) years of additional experience. Four (4) years of additional IT audit advisory experience may be substituted for a bachelor’s degree.
• Experience with effective policy, instruction, and development for Federal or DoD Information Security Programs
• Experience with risk analysis and assessment determinations incorporating system/mission owner, and unique operational constraints
• Experience with Xacta
• Ability to understand IT audit finding recommendations to translate those requirements to functional/technical stakeholders
• Ability to understand business processes to develop and implement new controls to mitigate or remediate identified IT audit gaps

Preferred Qualifications:
• Ability to learn IT general controls (ITGC), Financial Information System Control Audit Manual (FISCAM), and National Institute of Standards and Technology (NIST) Special Publication 800-53v4
• Experience with Security Control Assessment in compliance with NIST SP 800-37, NIST SP 800-53, NIST SP 800-53A, and other NIST 800 guide series
• Experience with DISA Security Technical Implementation Guide (STIG) implementation and Security Content Automation Protocol (SCAP) tool usage
• Familiar with Configuration Management
• Excellent attention to detail, organizational skills, and ability to multitask
• Strong verbal and written interpersonal, communication, and presentation skills
• Strong critical thinking and problem-solving skills
• Hold active Security+, CISSP, CISA, or equivalent certifications (DoD 8570 IAM 2 equivalent)
group id: RTL80163