AbleVets

  • Security Control Assessor

    Job Locations US-VA-Arlington
    Job ID 2018-2041
  • Overview

    AbleVets, LLC is a fast-growing Service Disabled Veteran Owned Small Business (SDVOSB) providing healthcare information technology services and resources to help the VA and DoD improve the lives of the people they serve. AbleVets has an opportunity for a motivated Security Control Assessor (SCA). This position is located on the customer site in Arlington, VA.  

    Essential Functions and Job Responsibilities

    The SCA is responsible for conducting a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by an Information System (IS) to determine the overall effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system).  SCAs also provide an assessment of the severity of weaknesses or deficiencies discovered in the IS and its environment of operation and recommend corrective actions to address identified vulnerabilities.    Responsibilities will cover Collateral, Special Access Program (SAP) and/or Sensitive Compartmented Information (SCI) activities within the customer’s area of responsibility. Duties shall include but are not limited to:

     

    • Perform oversight of the development, implementation and evaluation of information system security program policy; special emphasis placed upon integration of existing SAP network infrastructure
    • Perform assessment of information systems, based upon the Risk Management Framework (RMF)/ Joint Special Access Program Implementation Guide (JSIG), DCID 6/3, DITSCAP, DIACAP and/or JAFAN 6/3 certification and accreditation/authorization and assessment processes
    • Advise the Authorizing Official (AO) and/or Delegated Authorizing Official (DAO) on any assessment and authorization issues
    • Advise the Authorizing Official (AO), Delegated Authorizing Official (DAO), Office of Chief Information Officer (OCIO), and/or Program Security Officer (PSO) on assessment methodologies and processes
    • Evaluate Authorization packages and make recommendation to the AO and/or DAO for authorization
    • Evaluate Information system threats and vulnerabilities to determine whether additional safeguards are required
    • Advise the Information Security Officers (ISO) and PSO concerning the impact levels for confidentiality, integrity, and availability for the information on a system
    • Evaluate threats and vulnerabilities to information systems to ascertain the need for additional safeguards
    • Review and approve the information system Security Assessment Plan, the System Security Plan (SSP), the Security Control Traceability Matrix (SCTM), and the Security Control Assessment Procedures
    • Ensure security assessments are completed for each IS
    • At the conclusion of each security assessment activity, prepare the final Security Assessment Report (SAR) containing the results and findings from the assessment
    • Initiate a Plan of Action and Milestone (POA&M) with identified weaknesses and suspense dates for each IS based on findings and recommendations from the SAR
    • Evaluate security assessment documentation and provide written recommendations for security authorization to the AO
    • Develop recommendation for authorization and submit the security authorization package to the AO
    • Assess proposed changes to information systems, their environment of operation, and mission needs that could affect system authorization
    • Ensure approved procedures are in place for clearing, purging, declassifying, and releasing information system memory, media, and output
    • Assist in team compliance inspections
    • Assist the Program Security Officers (PSOs) with security incidents that relate to cybersecurity and ensure that the proper and corrective measures have been taken
    • Assess changes within the information system boundary that could affect the authorization of the boundary
    • Ensure that Information systems requirements are addressed during all phases of the system life cycle

    Qualifications

    • Bachelor’s degree in a related discipline with minimum five (5) to seven (7) years of related experience.  (7 years minimum, if no degree)
    • Must meet position and certification requirements outlined in DoD Directive 8570.01-M (or replacement directive) for Information Assurance Technician (IAT) or Information Assurance Manager (IAM) Level III within 6 months of the date of hire.  Must possess IAT/IAM Level II at time of date of hire.
    • Has experience with IA vulnerability scanning software tools, implementing Security Technical Implementation Guides (STIGS), and applying IA Vulnerability Assessment (IAVA) patches.
    • Has experience creating and maintaining various security documents such as the Security Control Plan/Vulnerability Security Review (SCP/VSR), System Backup and Recovery Plans (SBRPs) and Plan of Action and POA&M tables.
    • Minimum of four (4) years' experience in SAP and/or SCI Security and the implementation of regulations identified in the description of duties.  
    • Must be able to lift 50 lbs
    • Must have working knowledge of Microsoft Office (Word, PowerPoint and Excel)
    • Possess an active Top Secret clearance
    • Eligibility for access to Special Access Program (SAP) Information
    • Willingness to submit to a Counterintelligence (CI) polygraph
    • Must have a Periodic Reinvestigation no older than five (5) years (or per DoD requirements)

    EEO Statement

    AbleVets LLC appreciates your interest in our company as a place of employment.  We are proud to be an equal opportunity/affirmative action employer and are committed to hiring and retaining a diverse workforce.  All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, marital status, genetic information, disability, veteran status, or any other protected class.  AbleVets is a VEVRAA Federal Contractor. 

    Options

    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed