Senior Information Assurance Security Specialist

SMS Data Products Group, Inc.

  • Springfield, VA
  • Permanent
  • Full-time
  • 14 days ago
Overview:SMS is seeking an Senior Information Assurance Security Specialist to join our team supporting the United States Coast Guard in Alexandria, VA. The Information Assurance Security Specialist is responsible for all Risk Management Framework (RMF) activities for implemented CDM technologies. You'll also work in a dynamic environment with other IA professionals using the latest technology. This position onsite at the USCG Monday - Friday and does not permit telework.SMS offers proven solutions in engineering, operations, cybersecurity, and digital transformation. With expertise in modernizing and optimizing legacy infrastructure and systems, ensuring operational efficiency, and designing, implementing, and managing secure environments, SMS supports business and mission goals with proficiency, quality, and integrity.SMS has been serving the advanced information technology needs of the federal government since 1976, delivering talented teams and innovative, cost-effective solutions and services to support our customers’ missions for more than 40 years. SMS is headquartered in McLean, Virginia, with offices and on-site operations at customer locations throughout the United States. For additional information on SMS, visit www.sms.com.Submit your resume today. Responsibilities:The Senior Information Assurance Specialist will be responsible for the following:
  • Serve as senior member and representative of assigned team for meetings and efficiently lead internal resources to meet established milestones and targeted completion dates.
  • Provide guidance, coaching and training to employees of assigned team.
  • Assist in Security Assessment & Authorization Coordination
  • Plan and conduct security authorization reviews of federal systems
  • Manage and review Accreditation Packages
  • Support USCG system accreditation and Ongoing Assessment and Ongoing Authorization processes and activities for assigned systems.
  • Provide SME knowledge of Risk Management Framework (RMF) policy and application, NIST Security Controls, and Control Implementation methodologies for the A&A process.
  • Review and provide guidance on System Security Plan, Security Assessment Report (SAR), and Plans of Action and Milestones and other security documentation
  • Support POA&M remediation activities and the review of POA&M closure documentation.
  • Responsible for assessing and developing authorization packages for technical solutions that may require collaboration with internal expertise and deep analysis of the technical solution.
  • Collaborative and communicates with parties within, and outside, of own job function. May have responsibility for communicating with parties external to the organization (e.g., customers, vendors, etc.
  • Understands and supports Privacy Compliance Activities to include the review of Privacy Impact Analysis (PIA), Privacy Threshold Analysis (PTA), and Statement of Record Notices (SORN).
  • Facilitates and monitors information assurance (IA) processes for new projects, including the development of security authorization packages and the tracking of progress for all Security Control implementations and Plans of Action and Milestones (POA&M).
  • Support and/or development of all Security Authorization artifacts and documentation and assembling of Authorization packages.
  • Responsible for administration and adherence of the Risk Management Plan.
  • Coordinate closely with the Quality Assurance Specialists in identifying and mitigating risk to meet established quality standards.
Qualifications:
  • Minimum of an active DoD Secret clearance required
  • University Degree (BA/BS) or equivalent experience and minimum 5 years related work experience
  • CSSP-AU: At least one of the DOD 8750 IAT III certifications: CASP+ CE, CCNP Security, CISA, CISSP (or associate), GCED, GCIH, or CCSP
  • Relevant DOD, DHS or .gov Cyber Security Information Assurance focused experience with specific current hands-on experience researching, writing, and submitting complete A&A documentation packages for new system authorizations.
  • Well-developed understanding of Federal Civilian or DHS Security Assessment and Authorization (SA&A) processes.
  • Experience with continuous monitoring/ongoing authorization
  • Intimate understanding of NIST RMF implementation guidance.
  • In-depth understanding of the relevance of NIST Security Controls and Control Implementation methodologies to the SA&A process.
  • Experience assessing security controls based on cybersecurity principles and tenets. (e.g., NIST SP 800-53, Cybersecurity Framework, etc.).
  • Demonstrated understanding of critical documentation required in Security Authorization (SA) Packages.
  • Ability to understand and support Privacy Compliance Activities to include the development of Privacy Impact Analysis (PIA), Privacy Threshold Analysis (PTA), and Statement of Record Notices (SORN).
  • Experience managing client relationships, including determining client needs/requirements, managing client expectations, and demonstrating commitment to delivering quality results.
  • Experience analyzing strategic guidance for issues requiring clarification and/or additional guidance.
  • Understanding of the basic concepts and issues related to cyber and its organizational impact.
  • Experience as senior or lead member of a team, including experience coaching and providing guidance to less experienced or new team resources, reviewing work products, tracking deadlines, and coverage, reporting, facilitating onboarding / offboarding procedures, etc.
  • Experience with administrative planning activities, to include preparation of functional and specific support plans and preparing and managing correspondence.
Preferred Qualification
  • Well-developed understanding of Systems Development Lifecycle (SDLC) and ideally the DHS Systems Engineering Lifecycle (SELC) process as it relates to Security Assessment and Authorization (SA&A)
  • Hands on experience with eMASS or similar application.
Clearance
  • Active DOD Secret security clearance required
Certifications
  • IAT Level III certification
  • CSSP-AU: At least one of the DOD 8750 CSSP Auditor certifications: CEH, CySA+, CISA, GSNA, CFR, PenTest
SMS is a dynamic systems integrator established in 1976, delivering talented teams and innovative, cost-effective solutions and services to support our customers’ missions for more than 47 years. Our ability to hire and retain quality people in a rapidly evolving IT market is proven through our employee retention rate averaging over 3 years. At SMS, we place a high value on quality of service, customer satisfaction, and best-of-breed policies and practices, resulting in CMMI Level 3 certification and ISO registrations including 9001:2015, 20000-1:2018, and ISO/IEC 27001:2013. SMS is headquartered in McLean, Virginia, with offices and on-site operations at customer locations throughout the United States.SMS is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

SMS Data Products Group, Inc.