Tetrad Digital Integrity LLC

  • Senior Risk Management Lead w/ Active Secret Clearance

    Job Locations US-VA-Alexandria
    Posted Date 4 months ago (4/3/2019 7:39 AM)
    ID 2019-1182
    # of Openings 1
  • Overview

    As part of a team, the Senior Risk Management Lead is responsible for strategic and operational effectiveness assessments, ensuring systems perform as expected, and assessing the security risk and operational effectiveness of the project or program.

    Responsibilities

    • Support NIST Risk Management Framework (RMF) based Assessment and Authorization (A&A) activities
    • Monitor and prepare required actions and documents pertaining to the A&A of the system throughout its lifecycle, to include security evaluation findings and residual risks
    • Conduct comprehensive reviews of security authorization documents to ensure the appropriate NIST security guidelines were used during the assessments and the selections of security controls are relevant to the confidentiality, integrity, and availability of the systems
    • Ensure required security authorization activities are completed and the results documented
    • Review and process Interconnection Security Agreements (ISAs), Policy Waivers, Approval to Test (ATT), and Interim Approval to Operate (IATO) documents
    • Review IS security plans and other A&A documents for all applications to determine if mandated procedures and tasks are followed
    • Assist the Government in preparing a written justification, when appropriate, to obtain a written waiver of policy for mandated security features.
    • Ensure that assigned systems/applications meet the minimum A&A standards before a recommendation is made to the CISO for Authorization.
    • Attend Compliance Team meetings and provide reports on the status of requested activities in the approved format
    • Update and upload all pertinent information for all systems within the FISMA portfolio repository
    • Update relevant FISMA Compliance SOPs on a quarterly basis
    • Provide guidance and support for all assigned Security Authorization activities.
    • Conduct Security Authorization entrance conferences.
    • Develop a preliminary Security Assessment Report (SAR)
    • Create the CSS Plan, including rules of engagement (ROE) for each major application, information system, or GSS undergoing authorization.
    • Document the results of the security control assessment, including recommendations for correcting any weaknesses or deficiencies in the controls, analyze findings, and develop risk mitigation techniques to address weaknesses
    • Conduct assessments of any required security controls

    Qualifications

    • Must have 5-7 years of relevant experience as a cybersecurity control assessor
    • U.S. Federal Information Assurance (IA) and the Risk Management Framework (RMF)
    • Related Best Practices from FedRAMP, NIST, and other sources
    • IT Security Engineering Life Cycle and Release Management
    • Assessment and Authorization (A&A), Certification and Accreditation (C&A), FISMA, FedRAMP, NIST SP 800-53, RMF
    • Risk and Issue Management and Mitigation
    • Excellent verbal and written communication skills
    • Ability to interface with customers at all levels of an organization and prepare presentations for senior executives
    • Demonstrated leadership and team development skills
    • Demonstrated success consulting at the senior management level
    • Superior time management, planning, and ability to scope prospective engagements, develop proposals and project plans
    • Secret security clearance required


    Work authorization:
    • United States (Required)
