Jobs · Information Technology · Pennsylvania

(627) Information Assurance Compliance Specialist II

Arlo Solutions · Philadelphia, PA · 6 mo ago
Information TechnologyFull-time

Risk Management Framework (RMF) Development and Implementation

  • Collect and collate system or site information to evaluate and document security postures in Enterprise Mission Assurance Support Service (eMASS)
  • Develop, submit, and maintain RMF packages in accordance with DoD Instruction 8510.01, NAVSEA Business Rules, DON RMF Process Guides, and NAVSEA Standard Operating Procedures (SOPs)
  • Create comprehensive RMF package documentation including Assess Only (AO) Determination Request Packages, System Platform IT (PIT) Determinations, Categorization Forms, Authorization Boundary Diagrams, Defense in Depth Diagrams, Privacy Impact Assessments (PIA), and Security Plans (SPs)
  • Develop and maintain Plan of Action and Milestones (POA&M) for all Information Assurance-related tasks and deliverables in eMASS

Policy and Compliance Management

  • Develop or revise existing policies, plans, and strategy documents to meet requirements for RMF Control Families
  • Create comprehensive documentation including Incident Response Plans, Contingency Plans, Information Assurance Vulnerability Management Plans, Configuration Management Plans, and Physical Security Plans
  • Evaluate discrepancies and recommend potential mitigation measures for reducing or eliminating specific risks

Assessment and Evaluation Activities

  • Conduct risk and vulnerability assessments of planned and installed systems to identify vulnerabilities, risks, and protection needs
  • Execute Security Assessment Plans (SAPs) by conducting on-site testing for afloat and PIT ashore systems
  • Perform systems security reviews, audits, and evaluations to ensure accreditation documents accurately represent current risk posture
  • Determine residual risk of packages based on package content and assessment results for Security Controls Assessor review
  • Conduct analysis of logs, events, and reporting from various data collection tools including Assured Compliance Assessment Solution (ACAS), Host Based Security Systems (HBSS), Security Information and Event Management (SIEM), firewall systems, and intrusion detection systems

Continuous Monitoring and Maintenance

  • Support continuous monitoring activities for authorized systems to maintain Authorization to Operate (ATO) status
  • Develop and update required eMASS documents at specified frequencies, including POA&Ms and Risk Assessment Reports (RARs)
  • Determine system compliance with all applicable Controls and Assessment Procedures (APs) for assigned DON systems
  • Maintain current vulnerability scan data and residual risk POA&Ms in Vulnerability Remediation Asset Manager (VRAM)
  • Track deliverables and action items in accordance with A&A guidance

Technical Documentation and Reporting

  • Perform detailed technical documentation analysis of software/hardware associated with systems and components
  • Create system architecture diagrams, software design requirements, network connection/authorization boundary diagrams, and RMF plans/policies
  • Create and maintain vulnerability DON eMASS POAMs for systems
  • Create and submit data to management, develop comprehensive reports, and produce procedural documentation
  • Execute Security Technical Implementation Guides (STIGs), Security Requirements Guides (SRGs), ACAS scanning, and apply patches to assets to obtain cybersecurity compliance

Stakeholder Coordination and Communication

  • Manage, attend, and support configuration control board practices
  • Cookordination with government personnel, system owners, and other stakeholders throughout the RMF process
  • Assess impacts from observed risks and report via the Cybersecurity Program chain of command
  • Support Information Assurance Vulnerability Management (IAVM) activities including remediation, patching, and scanning

Compliance and Quality Assurance

  • Ensure RMF artifacts comply with published Navy, NAVSEA Business Rules, NIST SP-800-37, and SP-800-53 Rev 4 requirements
  • Create and verify accuracy of POA&Ms/RARs as identified by vulnerability test results
  • Ensure information systems are operated, used, maintained, and disposed of in accordance with security policies
  • Test systems to verify adequate functionality for mission and project requirements
  • Maintain security clearance and comply with all security requirements specified in the contract

Similar jobs