Security Control Assessor

US-VA-Arlington
2017-1434

Overview

AbleVets, LLC is a fast-growing Service Disabled Veteran Owned Small Business (SDVOSB) providing healthcare information technology services and resources to help the VA and DoD improve the lives of the people they serve. AbleVets has an opportunity for an experienced, motivated

 

 

The SCA is responsible for conducting a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by an Information System (IS) to determine the overall effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system).  SCAs also provide an assessment of the severity of weaknesses or deficiencies discovered in the IS and its environment of operation and recommend corrective actions to address identified vulnerabilities. Responsibilities will cover Collateral and SAP activities within the customer’s area of responsibility.

Essential Functions and Job Responsibilities

  • Perform oversight of the development, implementation and evaluation of information system security program policy; special emphasis placed upon integration of existing SAP network infrastructures
  • Perform assessment of information systems, based upon the Risk Management Framework (RMF)/Joint Special Access Program Implementation Guide (JSIG), DCID 6/3, DITSCAP, DIACAP and/or JAFAN 6/3 or ICD 705 certification and accreditation/authorization and assessment processes
  • Advise the Authorizing Official (AO) and/or Delegated Authorizing Official (DAO) on any assessment and authorization issues
  • Advise the Authorizing Official (AO), Delegated Authorizing Official (DAO), Office of Chief Information Officer (OCIO), and/or Program Security Officer (PSO) on assessment methodologies and processes
  • Evaluate Authorization Packages and make recommendations to the AO and/or DAO for authorization
  • Evaluate Information System threats and vulnerabilities to determine whether additional safeguards are required
  • Advise the Information Security Officer (ISO) and the PSO concerning the impact levels for confidentiality, integrity and availability for the information on a system
  • Evaluate threat and vulnerabilities to information systems to ascertain the need for additional safeguards
  • Review and approve the information system Security Assessment Plan, the System Security Plan (SSP), the SCTM and the Security Control Assessment Procedures
  • Ensure security assessments are completed for each IS
  • At the conclusion of each security assessment activity, prepare the final Security Assessment Report (SAR) containing the results and findings from the assessment
  • Initiate a Plan of Action and Milestones (POA&M) with identified weaknesses and suspense dates for each IS based on findings and recommendations from the SAR
  • Evaluate security assessment documentation and provide written recommendations for security authorization to the AO
  • Develop recommendation for authorization and submit the security authorization package to the AO
  • Assess proposed changes to information systems, their environment of operation, and mission needs that could affect system authorization
  • Ensure approved procedures are in place for clearing, purging, declassifying, and releasing information system memory, media and output
  • Assist in team compliance inspections
  • Assist the PSO with security incidents that relate to cybersecurity and ensure that the proper and corrective measures have been taken
  • Assess changes within the information system boundary that could affect the authorization of the boundary
  • Ensure that Information Systems requirements are addressed during all phases of the system life cycle

Qualifications

  • Experience with Information Assurance (IA) vulnerability scanning software tools, implementing Security Technical Implementation Guides (STIGs), and applying IA Vulnerability Assessment (IAVA) patches
  • Experience creating and maintaining various security documents such as the Security Control Plan/Vulnerability Security Review (SCP/VSR), System Backup and Recovery Plans (SBRP) and Plan of Action and Milestone (POA&M) tables
  • Knowledge of DITSCAP, RMF, DoD C&A processes, DoD 8500 (Cybersecurity) series and Common Criteria
  • Experience in JAFAN 6/3 or ICD 503, Joint Special Access Programs Implementation Guide (JSIG) and NISPOM application as related to C&A
  • Meet position and certification requirements outlined in DoD Directive 8570.01-M (or replacement directive) for Information Assurance Technician (IAT)/Information Assurance Manager (IAM) Level III within 6 months of the date of hire.  Must possess IAT/IAM Level II at time of date of hire
  • Demonstrated experience in aircraft and international program
  • Ability to constructively engage and resolve challenging situations
  • Possess excellent briefing and technical writing skills
  • Available to work before/after typical office hours as work may demand
  • Independent self-starter, proactive and professionally assertive
  • Effective oral and written communication skills, excellent interpersonal skills, and computer literacy
  • Proficiency with MS Office Suite (MS Word, Excel, PowerPoint and Outlook)
  • Strong analytical and problem-solving skills
  • Superior verbal/written skills and presentation skills
  • Must be able to lift 50lbs
  • Ability to multitask

 

Years of Experience/Education Requirements

  • Bachelor's degree in a related discipline or equivalent experience strongly preferred
  • 5-7 years related experience (7 years minimum, if no degree)
  • Minimum of four (4) years' experience in SAP Security and the implementation of regulations identified in the description of duties.

 

 

Clearance

Secret Security Clearance (depending on position) and

  • Eligibility for access to Special Access Program (SAP) Information
  • Willingness to submit to a Counterintelligence (CI) polygraph
  • Must have a Periodic Reinvestigation no older than five (5) years (or per DoD requirements)

 

This position requires a DoD Secret clearance for which U.S. Citizenship is required.

 

Certification Requirements

  • Must possess Information Assurance Technician/Information Assurance Manager (IAT/IAM) Level II at date of hire and
  • Must possess IAT/IAM Level III within 6 months of date of hire
