Job Type: Full Time
Location: Norfolk
Clearance: Secret
AERMOR, LLC. is hiring a Risk Management Framework (RMF) Specialist to provide guidance to government personnel in the execution of multiple system ATOs and full RMF packages. The role involves managing cybersecurity, certification, and accreditation. This is not a remote position.
Responsibilities to support the following:
- Create, review, update, and validate Cybersecurity Standard Operations Procedures (SOPs) as required.
- As a member of the Configuration Control Board (CCB), ensure CCB-approved changes are promptly and accurately reflected in the C&A documentation.
- Support compliance validation of current and future directives (e.g., IAVs, STIGs, CTOs).
- Perform all required and approved PM RMF process steps IAW the RMF Process Guide.
- Ensure that RMF activities are planned and resourced for continued cybersecurity sustainment throughout the lifecycle of assigned systems.
- Implement the RMF cybersecurity requirements for assigned systems.
- Submit system categorization recommendation to AO/CSA.
- Prepare reports on scanning results and configuration management observations monthly.
- Ensure traceability is maintained throughout the RMF submission process (e.g., C&A Plan, POAM, RAR, Topology, Software, Ports Protocols and Services, Test Plan).
- Coordinate system security requirements, including inheritance agreements, with receiving and providing organizations or their representatives early and throughout system development to support reciprocity.
- Maintain regulatory compliance including the Federal Information Security Management Act (FISMA).
- Assist with development, maintenance, and tracking of the SP.
- Prepare the RAR Executive Summary.
- Ensure POA&M development, tracking, and resolution.
- Assign resources, milestones, and estimated completion dates to the POA&M.
- Maintain information assurance vulnerability alert (IAVA) and bulletin (IAVB), and Communications Task Order (CTO) compliance and reporting.
- Represent the system during DoD and Navy cyber inspections, while responding to information requests and addressing identified findings of ATOs for NECC training systems.
- Manage the overall system risk to ensure it does not rise beyond the level accepted by the AO in Task Order Manager.
Qualifications:
- One of the following certifications is required: CAP, CASP+ CE, CISM, CISSP (or Associate Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science, from an ABET), GSLC, CCISO or HCISPP.
- Bachelor’s degree in IT or related field.