IA Policy and Compliance Certified Professional Team Lead

ASRC Federal is a leading government contractor furthering missions in space, public health and defense. As an Alaska Native owned corporation, our work helps secure an enduring future for our shareholders. Join our team and discover why we are a top veteran employer and Certified Great Place to Work™

ASRC Federal is looking for an experience Information Assurance (IA) Policy and Compliance Certified Professional Team Lead to support work with the U.S. Army Contracting Command (ACC) Chief Information Officer (CIO) G6 Information Technology Support Services (ITSS) at the Redstone Arsenal, AL. The ACC Headquarters (HQ) Cybersecurity Division (CSD) currently maintains authority to operate (ATO) for three Risk Management Framework (RMF) packages. The IA Professional Lead will be leading a team of six people who will be working with the Procurement Automated Data Document System (PADDS), the ACC HQ Access Control/CCTV System, and the Army Contracting Command Development Lab (ADL). Key responsibilities for the IA professional will include:

• Assisting the task order Program Manager with ensuring all work performed by the team is performed according to the Performance Work Statement, turned in on time, with minimal to no errors.
• Working with the task order Program Manager to check certifications and training requirements of team members, including tracking when annual training is required, and ensuring all team members' training is up to date
• Serving as the ACC HQ System(s) Information System Security Officer (ISSO) and perform all duties and requirements related to that position
• Updating and maintaining each Enterprise Mission Assurance Support Service (eMASS) record
• Developing, updating, and/or modifying system-level artifacts such as TTP's, plans, policies, procedures, hardware/software lists, data flow, system architecture diagrams, and more.
• Ensuring artifacts are associate with any corresponding security control within eMASS.
• Inventorying hardware and software associated with the systems
• Obtaining, running, analyzing, and importing all applicable Department of Defense (DoD) or Army mandated vulnerability scanner and compliance checkers
• Ensuring all security technical implementation guides (STIG's) are imported into eMASS per Army Policy.
• Importing vulnerability scans no greater than once a month
• Tracking Information Assurance Vulnerability Alerts (IAVAs) relating to ACC systems
• Determining applicable control baselines
• Determining systems' compliance to baselines and providing sufficient justification for non-applicable controls
• Creating, modifying, and/or maintaining all aspects of the implementation plan and test results as defined by DoD, Army, NETCOM, and ACC requirements
• Ensuring non-compliant controls, benchmarks, and findings have associated plans of action and milestones (POAM) entries
• Creating, modifying, and/or maintaining all aspects of POAM
• Creating, modifying, and/or maintaining all aspects of continuous monitoring (CONMON) - this includes monitoring, reviewing, and updating continuous, daily, weekly, bi-weekly, monthly, quarterly, bi-annual, and annual requirements
• Utilizing existing, or developing custom, solutions using Powershell, Power Platform, Python, etc. to facilitate RMF requirements, reducing timelines and providing up-to-date status reporting of compliance such as Evaluate STIG, Cyber Vulnerability Platform (CVP), eMASS Result Analysis Platform (eRAP), Continuous Monitoring Tracker (C-Track), etc.

Required Skills

• An in-depth working knowledge of RMF
• Working knowledge of PowerShell, Power Platform, Python, etc.
• Understanding of implementation plan and test results as defined by DoD, Army, NETCOM, and ACC requirements
• Proficiency with Microsoft Office Suite
• Excellent communication skills - this includes written, face-to-face, and virtual

Education and Experience Requirements

• One of the following certifications is required: CISM or CISSO or FITSP-M or GCIA or GCSA or GCIH or GSLC or GICSP or CISSP-ISSMP or CISSP
• A BS Degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science, from an ABET accredited or CAE designated institution
• 5+ years of experience with Information Assurance Policies and Compliance

Clearance Requirements

• Active Top-Secret Clearance

We invest in the lives of our employees, both in and out of the workplace, by providing competitive pay and benefits packages. Benefits offered may include health care, dental, vision, life insurance; 401(k); education assistance; paid time off including PTO, holidays, and any other paid leave required by law.

EEO Statement

ASRC Federal and its Subsidiaries are Equal Opportunity employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.