Place of Performance: Remote
Citizenship: US Citizen (MUST)
Security Clearance: Must be eligible to possess MBI (IRS Background Investigation) clearance. Active IRS MBI clearance is preferred.
Role Summary:
The Computer & Information Systems Manager is the technical execution lead for the computer security review mission. This person leads the assessor team that performs system configuration checks, automated and manual compliance scans, and findings documentation, and oversees the evaluation of agency security submissions.
Key Responsibilities:
- Lead execution of Computer Security Reviews (Task 4): pre-review scoping (PSE), SCSEM execution, Nessus/automated scanning, findings documentation, and completion of Section H of the Safeguard Review Report (SRR).
- Oversee evaluation of agency submissions (Task 5): Corrective Action Plans (up to 450/yr), Technical Inquiries (up to 350/yr), Safeguards Security Reports (up to 300/yr), and Notifications (up to 125/yr).
- Support development and semiannual update of SCSEMs and automated evaluation files (Nessus audit / SCAP) under Task 6.
- Manage and direct technical assessor staff - assign work, ensure quality, and develop the team.
- Ensure accuracy, traceability, and consistency of findings against Publication 1075, NIST SP 800-53, CIS Benchmarks, and DISA STIGs.
Core Experience (Required):
- Demonstrated experience with federal government cybersecurity audits and assessments, including implementing security controls, configuration changes, software/hardware updates, and vulnerability management.
- Hands-on assessment experience across multiple platforms - mainframe (RACF/ACF2); Windows/Linux/UNIX/Solaris/macOS; virtualization (VMware, Hyper-V, Docker, OpenShift, Kubernetes); cloud (AWS, Azure/M365, Salesforce, Google - FedRAMP); networking devices; and encryption standards.
- Experience executing SCSEMs and automated compliance scanning (e.g., Nessus, SCAP-based audit content).
- Demonstrated experience in IT/cybersecurity project and personnel management.
Minimum Education: High School Diploma or higher.
Certifications / Licenses (minimum of ONE of the following):
- CASP+ CE • CCNP Security • CISA • CISSP (or Associate) • GCED • GCIH • CCSP • CISM • GSLC • CCISO • HCISPP • CEH • CySA+/CSA+ • GSNA • CFR • PenTest+
In lieu of a certification, graduation from a minimum 2-year IT/Cybersecurity program at an accredited college or university may be substituted.
Preferred: Prior FTI/Safeguards review experience; SCSEM/STIG/CIS authoring experience; bachelor's degree.
