Authorization To Connect (ATC) Security Auditor

Description

Assists the Defense Intelligence Agency (DIA) Chief Information Office (CIO), Cyber and Security Division (CIO4) in the management and execution of the JWICS Connection Approval Program. Provides expertise in conducting Approval to Connect (ATC) activities requiring both technical and non-technical skills in assessing DIA JWICS customers' request to connect their node to JWICS. ATC requires an understanding of DoD and IC Cybersecurity Polices, Regulations, Security Technical Security Implementation Guides (STIGs), and NIST RMF. This position also involves documentation and generating formal reports, briefs, circuit connection packages, that are used to assist organizations to acquire Approval To Connect while minimizing risk to JWICS.

Responsibilities:

• Interacts with CIO entities, subscribers, and other stakeholders to ensure all subscriber connections meet the foundational requirements for compliance. These assessments are conducted in the broader context of the subscriber's architecture and consider AO risk decisions.
• Evaluate and assess ATC data to highlight strategic efficiencies or tactical cyber-signatures. This will be used to provide recommendations focused on the maturity of ATCs CONMON, ATC, and POAM management processes to minimize risks to JWICS.
• Draft, coordinate, and collaborate on the development of technical documentation or cyber-profile assessments that communicate a connections risk to the JWICS enterprise.
• Collaborate with ATC stakeholders to ensure cyber-security risks are communicated and clearly understood.
• Participate in the planning, execution, and reporting of ATC assessments and collaborating with subscribers to ensure vulnerability assessments are integrated with minimal supervision.
• Assist in preparation and organization of assessment deliverables - ATC foundational documents, Security Risk Assessments, and other compliance data.
• Communicate the impact of system risks and vulnerabilities verbally, through presentations and written deliverables
• Familiarity with a variety of cybersecurity concepts, practices, and procedures.
• Rely on extensive experience and judgment to plan and accomplish goals.
• Ability to draft, coordinate, and finalize Standard Operating procedures, business process and workflow design, and manage their execution to consistently apply ATC, CONMON, and POA&M management activities.
• Provide overviews of the ATC assessment processes and procedures for team members (as required).

Requirements

• TS/SCI (ability to obtain and maintain a CI Poly)
• M.S degree (in related field) with 8+ years of experience or B.S degree (in related field) with 10+ years of experience or A.S degree (in related field) with 12+ years of experience or No degree with 14+ years of experience.
• Experience in IC security policies.
• Solid interpersonal and communication skills to interact with various stakeholders and team members effectively.
• Strong independent work ethic (auditor mentality), exceptional oral and written communication skills, and the ability to work unsupervised. Focus on developing and updating processes and procedures to drive ATC, CONMON, and POA&M efficiencies.

Certifications Required:

• DoD 8570.01-M IAT Level III (CISA, CASP, or CISSP)