Information Assurance Support Lead (VG00944) - Military veterans preferred

Full-time employee

District of Columbia, United States


Position Description:

The Program Support Team Lead within the Department of State IRM/IA directorate is a matrixed organization responsible for supporting many aspects of the Department’s information assurance program. 

Current aspects of the program that are assisted by the Program Support Team include maintenance of MS Access and SQL Server database-based system authorization support tools (including a security categorization tool, a control selection tool, a tester database, a bureau master database, an enterprise database, and a file share containing artifacts from all previously conducted security authorization efforts), management of the FISMA inventory catalog, IRM/IA web site management, Tier One risk assessments, notification of change processing, IA Solution Center monitoring, Remedy ticket creation, system authorization support tools training, audit support, and publication of quarterly FISMA memos.

Nearly all of these areas are elements of the risk management program outlined in NIST SP 800-39, and are described in depth in other NIST publications including SP 800-30 and 800-37. The SAIC team currently has an opening for a mature team leader, highly experienced in the NIST risk management processes described by the NIST Joint Task Force Transformation Initiative publications, including NIST SP 800-39, 37, 30, 53, and 53A. The successful candidate will be fluent in all aspects of these documents, and have a long, successful record of implementing them in large Federal civilian agency data centers.

The focus areas of the team’s work are: 

  • Frame risk in accordance with guidance in NIST SP 800-30, 800-39, and 800-53 PM-9.
  • Assess risk at all three tiers identified in NIST SP 800-39, in accordance with NIST SP 800-30 and the 800-53 “RA” family of controls, using sound probability methods where quantitative methods are called for, including accounting for the possibility of dependent probabilities that must be aggregated.
  • Provide recommendations for responding to risk and monitoring risk, in accordance with NIST SP 800-30, SP 800-37, and SP 800-39.
  • Measure security program performance in accordance with NIST SP 800-53 PM-6 and NIST SP 800-55.
  • Perform security analysis tasks, as assigned. 

Description of Duties: 

  • The Program Support Team Leader coordinates the team’s support to all these areas. 
  • Because the team lead must provide intuitive support to all of these areas, the team leader must have immediate, in-depth command of the following topics:
    1. Risk Management Framework (RMF).
    2. Categorization of Information Systems.
    3. Selection of Security Controls.
    4. Security Control Implementation.
    5. Security Control Assessment.
    6. Information System Authorization.
    7. Monitoring of Security Controls.
    8. Development of Standard Operating Procedures (SOPs) and Work Instructions (WIs). 
  • Extremely strong familiarity with Federal information system authorization and risk management standards and guidelines is therefore assumed for this position, including: 
    1. Risk Identification.
    2. Risk Assessment.
    3. Risk Response and Mitigation.
    4. Risk and Control Monitoring and Reporting.
  • Significant experience enabling services in the areas above, without actually performing the services themselves (the services themselves are delivered by the system owner support team, security control assessment team, risk assessment team, and continuous monitoring team).
  • Experience managing web site development, database applications, help desks, and risk assessment is also required, as the team leader will manage persons performing all of these tasks.
  • Knowledge of ITIL v3 service management is also required, as all of the team’s services will be managed according to the ITIL v3 service lifecycle management library.

Responsibilities include: 

  • Project Management:
    • Manage staff.
    • Assure quality of all project work products.
    • Develop and implement project plans.
  • Service Management:
    • Work with client staff to develop and maintain a mission responsive service catalog.
    • Work with the service management team to define and manage services and work products.
    • Oversee development of internal standards, guidelines, and processes for delivered services.
    • Execute approved processes and report feedback from the field to the service management team to effect continuous improvement.


Required Education/Experience: 

  • Bachelor's degree and 8+ years of experience, or an AA degree with years of experience substituted with relevant certifications.
  • Demonstrated ability to provide enabling support to enterprise risk management processes.
  • Demonstrated effective written and oral communications skills.
  • Demonstrated long range planning ability.
  • Experience evidencing a successful record, with gradually increasing leadership responsibility from direct contributor through team lead, over a period of at least eight years, in two or more teams, supporting a NIST SP 800-53, appendix G (“Information Security Programs”) compliant enterprise-wide information security program.
  • For purposes of this position description, “support” includes the following:
    • Translate the aforementioned NIST mission requirements into managed services.
    • Oversee NIST SP 800-30 risk assessments.
    • Establish and maintain a NIST SP 800-55 compliant enterprise security metrics program.
    • Develop and manage services in a method consistent with ITIL v3.
    • Track and report status of findings and POA&Ms resulting from a NIST SP 800-37 compliant system authorization program.
    • Maintain and report status of an enterprise system inventory that complies with OMB A-130, NIST SP 800-37, NIST SP 800-53, and CNSSI 1253.
    • Directly manage a team of tools developers and administrators engaged in developing and administering custom desktop database-based tools, custom enterprise database-based web-accessible tools, commercial off-the-shelf tools, and government off-the-shelf tools that support processes defined by the NIST SP 800-37 Risk Management Framework, and by NIST SP 800-50 and NIST SP 800-16 (security awareness training and role-based security training).
    • Interface with, and support, other Contractor and Government team leads engaged in system authorization activities.
  • Experience evidencing a successful record, with gradually increasing leadership responsibility from direct contributor through project or team lead, over a period of at least eight years.

Desired Experience/Skills/Attributes: 

  • Master of Science in computer science or an allied discipline in engineering or the sciences.
  • ISACA CRISC certificate.
  • (ISC)² Certified Authorization Professional (CAP) certificate.
  • (ISC)² Certified Information Systems Security Professional (CISSP) certificate.
  • ITIL v3 certificate.

Clearance Requirement:

Active Secret clearance.