The primary purpose of this position is to ensure that the supported FMS assigned aircraft and ground information systems (IS) attain and maintain proper security authorization, that items delivered to the Government are in the approved formats and configurations, that all Risk Management Framework (RMF) documentation and procedures are adequately managed and coordinated with external agencies, and that procedures at CONUS/OCONUS operating locations meet and maintain appropriate security requirements according to applicable directives and guidance. Lead member of the FMS Security Working. Interfaces with Authorizing Officials (AO), mission system Information System Security Officer(s) (ISSO) and Contractor System Administrators (CSA). Supports quick reaction capabilities (QRC) and emerging technology testing. Provides support to other in-resident airborne or ground system projects as FMS workload allows.
• Responsible for physical and operations security policy and issues, manages assigned program areas, and implements force protection policy, projects, and studies for the protection of US personnel and assets
• Implements the program protection planning activities for supported Security Assistance/Cooperation Programs, their facilities, and weapon systems at contractor and foreign government locations ensuring that all elements of protection comply with legal and regulatory requirements and meet customer needs throughout the program
• Reviews Letters of Offer and Acceptance (LOA) to ensure proper Program Protection requirements are identified to notify partner nations of measures that must be taken to properly protect critical program information and technology
• Ensure and support FMS RMF assessment/authorization (A&A) implementation and execution
• Support the PM/System Owner and provide direction to mission system ISSO(s) and CSAs
• Track, report and coordinate A&A status and issues with the PM/System Owner and AO/DAO.
• Serves as the primary interface between Authorizing Officials, Assessment representatives, industry partners, and program protection personnel
• Prepares and coordinates for assessments, acceptance/certification testing, QRC, and ad hoc testing
• Develops Plans of Actions and Milestones (POA&M) for non-compliance
• Enforces established information security policies and procedures
• Monitor development of the system, information environment, and threats for security-relevant events and configuration changes that affect security posture
• Develop and submit Security Impact Assessments (SIA) for proposed changes as required
• Periodically assesses the quality of security controls implementation against performance indicators as documented in the program Continuous Monitoring Plan
• Ensure that cybersecurity inputs to program acquisition documents (if required) are prepared
• Ensure that the program's contractual documents, such as specifications, statements of work, or Contract Data Requirements Lists (CDRLs) incorporate appropriate cybersecurity language and requirements.
• Ensure that security controls and requirements are properly allocated and documented in design specifications, technical publications and manuals, etc.
• Ensure that security controls and requirements have been communicated and appropriately resourced by program budget documents and are reflected in the program's requirements database
• Ensure that integrated logistics support documentation incorporates cybersecurity considerations throughout the lifecycle of the system.
• Oversees planning, implementation and continuous monitoring to achieve and maintain Authority to Operate (ATO) and Interim Authority to Test (IATT)
• Ensures facilities constructed for secure storage of U.S. classified information and systems meet or exceed required physical security standards. Conducts on-site security assessments at foreign government installations to ensure program protection compliance.
• Anti-Tamper (AT) measures may be applied to the program. Incumbent must properly employ AT to add longevity to the critical technology by deterring efforts to reverse engineer, exploit, or develop countermeasures against a system or system component. AT will be part of the Program Protection process and included in the Program Protection Plan.
Required:
• Minimum of 5 years of related experience with a Bachelor’s degree, 3 years with a Master’s degree, a PhD without experience, or equivalent work experience is typically required for an employee at this level.
• Possess and maintain a current Top Secret Security Clearance and CI Polygraph
• Meet and maintain DoD 8140 IAM Level II certification or obtain certification within one (1) year of hire
• 3 years of cyber surety/information assurance technology or related area
• Experience with networks and computer administration management
• Experience with the RMF process and control management within assigned tools such as XACTA, eMASS
• Familiarity with NIST publications, DISA STIGs, and SRGs
• Proficiency with Microsoft operating systems and Office products
• Proven leadership in problem solving, effective communication and decision making
• Able to provide clear direction and relate effectively with leadership and across services and agencies
• Ability to travel worldwide