Serves as a cybersecurity analyst with regards to Assessment and Authorization (A&A) of information systems and all associated cybersecurity policies and procedures.
Executes DoW/DLA cybersecurity processes to authorize information systems, maintain authorization of information systems, or serves as a Subject Matter Expert (SME) for systems undergoing the authorization process.
Possess an understanding of how security controls identified in the NIST 800-53 apply to the process of assessing and authorizing a large organization s IT infrastructure such as DoD, in which there is a compilation of large and small enclaves, Cloud Hosted Services, Operational Technology, AIS applications and outsourced IT processes.
Determines the residual risk of an identified vulnerability (e.g., non-compliant security control) and determines the possible ramifications to the system s current or future authorization.
Briefs senior management on the progress or results of an information system undergoing the Risk Management Framework (RMF) process.
Requirements
- Experience: Five (5) years of relevant C&A experience; Risk Management Framework (RMF) and NIST C&A experience; DOD cybersecurity experience
- Experience in assessing security controls and conducting authorization reviews for large, complex organizations
- Clearence: Secret
- 8570/8140: DoD Approved 8570 Baseline Certification: Category IAM Level III