Job Requirements
Remote
Secret Polygraph not specified
Senior Level Career (10+ yrs experience)
Salary not specified
Join Premium to unlock estimated salaries
Job Description
Position Description Summary:
Serves as the project manager for a large, complex task order (or a group of task orders affecting the same system) and shall assist the Program Manager in working with the Government Contracting Officer (KO), the task order-level Task Order Managers, Government management personnel and customer agency representatives. Under the guidance of the Program Manager, responsible for the overall management of the specific task order(s) and ensuring that the technical solutions and schedules in the task order are implemented in a timely manner.
The TOPM Cybersecurity Assessment and Authorization Subject Matter Expert supports the assessment, authorization, and continuous monitoring of DLA information systems, applications, cloud services, operational technology, and related IT environments. The TOPM-SME executes Risk Management Framework activities, evaluates security control compliance, identifies residual risk, develops authorization documentation, and advises government stakeholders on system security posture and authorization decisions.
Responsibilities:
• Execute cybersecurity Assessment and Authorization activities throughout the system development life cycle
• Support all phases of the Risk Management Framework, including preparation, categorization, control selection, implementation, assessment, authorization, and continuous monitoring
• Assess and validate security controls in accordance with NIST SP 800-53, DoD guidance, and DLA cybersecurity policies
• Prepare and maintain System Security Plans, Security Assessment Reports, Risk Assessments, Continuous Monitoring Strategies, POA&Ms, Privacy Impact Assessments, and authorization packages
• Register and maintain systems and authorization documentation within eMASS
• Review ACAS scan results, STIG compliance, IAVA requirements, vulnerabilities, and remediation activities
• Determine the residual risk and operational impact of cybersecurity vulnerabilities and control deficiencies
• Support authorization reviews for complex environments, including cloud-hosted services, operational technology, automated information systems, enclaves, and outsourced IT processes
• Brief senior management, Authorizing Officials, program managers, system managers, and ISSMs on cybersecurity posture, risks, findings, and RMF progress
• Monitor system changes and cybersecurity events that may affect authorization status or security posture
• Support incident reporting, corrective actions, risk acceptance decisions, and continuous monitoring requirements
• Prepare project plans, schedules, implementation documentation, status reports, and cybersecurity posture briefings
• Coordinate with government personnel, contractors, information owners, data stewards, and technical stakeholders
• Maintain accurate and current cybersecurity documentation and support inspections, audits, tests, and reviews
Skills & Experience:
• Minimum of seven (7) years of relevant experience in leadership with progressively higher responsibility in the public and/or private sector in the IT field
• Experience executing the DoD Risk Management Framework and supporting system authorization activities
• Experience applying NIST SP 800-53 security controls to large and complex IT environments
• DoD cybersecurity experience
• Experience assessing security controls and conducting authorization reviews for large, complex organizations
• Knowledge of eMASS, System Security Plans, Security Assessment Reports, POA&Ms, Risk Assessments, and authorization packages
• Experience with continuous monitoring, ACAS vulnerability scanning, STIG validation, IAVA compliance, and remediation tracking
• Ability to evaluate security findings and determine residual risk and potential impacts to system authorization
• Experience supporting cloud environments, operational technology, facility-related control systems, applications, enclaves, and IT infrastructure
• Strong technical writing, documentation, analytical, briefing, and stakeholder communication skills
• Ability to present cybersecurity risks and technical findings to senior leadership
• Ability to maintain all required cybersecurity certifications throughout the period of performance
Education:
• A bachelor’s degree in computer science, information technology, information systems, engineering, or a related technical discipline is preferred.
• Relevant certification from a nationally recognized technical authority
• Certification: Must have Project Management certification (i.e. Project Management Professional (PMP) Certification, other recognized certification, etc.)
• DoD-approved IAM Level III baseline certification in accordance with DoD 8570/8140 requirements
Security Clearance Required:
• Active Secret Security clearance
• Favorably completed Moderate Risk, Non-Critical Sensitive Tier 3 investigation, formerly NACLC or ANACI
• Must be eligible for access to classified and sensitive information, including SIPRNET and Controlled Unclassified Information
Serves as the project manager for a large, complex task order (or a group of task orders affecting the same system) and shall assist the Program Manager in working with the Government Contracting Officer (KO), the task order-level Task Order Managers, Government management personnel and customer agency representatives. Under the guidance of the Program Manager, responsible for the overall management of the specific task order(s) and ensuring that the technical solutions and schedules in the task order are implemented in a timely manner.
The TOPM Cybersecurity Assessment and Authorization Subject Matter Expert supports the assessment, authorization, and continuous monitoring of DLA information systems, applications, cloud services, operational technology, and related IT environments. The TOPM-SME executes Risk Management Framework activities, evaluates security control compliance, identifies residual risk, develops authorization documentation, and advises government stakeholders on system security posture and authorization decisions.
Responsibilities:
• Execute cybersecurity Assessment and Authorization activities throughout the system development life cycle
• Support all phases of the Risk Management Framework, including preparation, categorization, control selection, implementation, assessment, authorization, and continuous monitoring
• Assess and validate security controls in accordance with NIST SP 800-53, DoD guidance, and DLA cybersecurity policies
• Prepare and maintain System Security Plans, Security Assessment Reports, Risk Assessments, Continuous Monitoring Strategies, POA&Ms, Privacy Impact Assessments, and authorization packages
• Register and maintain systems and authorization documentation within eMASS
• Review ACAS scan results, STIG compliance, IAVA requirements, vulnerabilities, and remediation activities
• Determine the residual risk and operational impact of cybersecurity vulnerabilities and control deficiencies
• Support authorization reviews for complex environments, including cloud-hosted services, operational technology, automated information systems, enclaves, and outsourced IT processes
• Brief senior management, Authorizing Officials, program managers, system managers, and ISSMs on cybersecurity posture, risks, findings, and RMF progress
• Monitor system changes and cybersecurity events that may affect authorization status or security posture
• Support incident reporting, corrective actions, risk acceptance decisions, and continuous monitoring requirements
• Prepare project plans, schedules, implementation documentation, status reports, and cybersecurity posture briefings
• Coordinate with government personnel, contractors, information owners, data stewards, and technical stakeholders
• Maintain accurate and current cybersecurity documentation and support inspections, audits, tests, and reviews
Skills & Experience:
• Minimum of seven (7) years of relevant experience in leadership with progressively higher responsibility in the public and/or private sector in the IT field
• Experience executing the DoD Risk Management Framework and supporting system authorization activities
• Experience applying NIST SP 800-53 security controls to large and complex IT environments
• DoD cybersecurity experience
• Experience assessing security controls and conducting authorization reviews for large, complex organizations
• Knowledge of eMASS, System Security Plans, Security Assessment Reports, POA&Ms, Risk Assessments, and authorization packages
• Experience with continuous monitoring, ACAS vulnerability scanning, STIG validation, IAVA compliance, and remediation tracking
• Ability to evaluate security findings and determine residual risk and potential impacts to system authorization
• Experience supporting cloud environments, operational technology, facility-related control systems, applications, enclaves, and IT infrastructure
• Strong technical writing, documentation, analytical, briefing, and stakeholder communication skills
• Ability to present cybersecurity risks and technical findings to senior leadership
• Ability to maintain all required cybersecurity certifications throughout the period of performance
Education:
• A bachelor’s degree in computer science, information technology, information systems, engineering, or a related technical discipline is preferred.
• Relevant certification from a nationally recognized technical authority
• Certification: Must have Project Management certification (i.e. Project Management Professional (PMP) Certification, other recognized certification, etc.)
• DoD-approved IAM Level III baseline certification in accordance with DoD 8570/8140 requirements
Security Clearance Required:
• Active Secret Security clearance
• Favorably completed Moderate Risk, Non-Critical Sensitive Tier 3 investigation, formerly NACLC or ANACI
• Must be eligible for access to classified and sensitive information, including SIPRNET and Controlled Unclassified Information
group id: 10454118