RMF Cyber Analyst-Information System Security Manager- ISSM
Huntsville, AL · Information Technology
Position Title: RMF Cyber Analyst/Information System Security Manager Position Type: Full time Onsite Location: Huntsville, AL Clearance: Secret (or ability to obtain)
Responsibilities: The ISSM will support our Army customers and will review RMF Assessment and Authorization documentation, standard operating procedures, policies, and security instructions for both networked and stand-alone computer systems, to include both traditional IT and OT systems, and provides oversight and guidance for multiple systems. Candidate will perform tasks in a variety of areas to include:
Responsible for documenting security findings, incident response activities, and compliance efforts. Responsible for developing artifacts for upload to EMASS (Enterprise Mission Assurance Support Service) in accordance with Army/AMC standards and regulatory requirements.Ability to execute duties of Information System Security Officer per DA PAM 25-2-14.
Must have above foundational understanding of Operational Technology, must be able to articulate the Purdue Model and how it is implemented.
Complete inventories of OT systems IAW EXORD 141-18 and AMC directives/guidance.
Participate in security assessments of Information Technology (IT)/Operational Technology (OT) systems, identifying vulnerabilities and recommending mitigation strategies.
Identifies where IT/OT systems/networks deviate from acceptable configurations, enterprise policy, or local policy.
Conducts audits to ensure IT/OT systems security policies and procedures are implemented as defined in security plans and best practices.
Performs detailed analyses to validate established IT/OT security requirements and to recommend additional security requirements and safeguards.
Establishes strict program control processes and policies to ensure mitigation of risks and supports obtaining certification and accreditation of systems using AMC RMF processes.
Assisting in developing security documentation for upload to EMASS, ensuring accuracy, completeness, and compliance with AMC RMF requirements.
Performs IT/OT evaluations (compliance audits) and/or active evaluations (vulnerability assessments).
Provides leadership and threat mitigation training techniques to stakeholders.
Administer FRCS/BCS systems in accordance with DoD/Army guidelines.
Participate in Operational Planning Team (OPT)s and Working Groups with DoD/Army/AMC stakeholders, program managers, and security teams, documenting security requirements, concerns, and resolutions to support the successful delivery of IT/OT solutions.
Requirements:
10+ years of experience
Hybrid position: part onsite / part telework
Security+ CE or higher DoD 8570 Certification
Strong verbal and written communication skills
Experience supporting DoD RMF process
eMASS Experience
Experience determining and assessing vulnerabilities including planning, testing, and documenting (DoD) accreditation packages for Information Technology (IT) systems and networks, specifically within RMF.
Travel possible at 10-15%.
Desired Requirements:
ISC2 CISSP certification
ISACA CISM certification
Working knowledge of ACAS, DISA STIGS, and STIG-Tools.
Active Secret clearance
Required Education: Candidates should possess a bachelor's degree, preferably in Engineering, Cyber, Computer Information Systems, Computer Science, Math, Physics, or other STEM discipline however, years of experience may be substituted for a degree.