Job DescriptionThis role is a technical advisor for the Information Systems (IS) security requirements that are necessary for the protection of all sensitive information processed, stored, and/or transmitted using the IS. You will Interpret government requirements; prepare, validate, and maintain documentation in support of the Risk Management Framework (RMF). This role will also implement and oversee the program security plans, policies, and procedures necessary to ensure compliance with all company and government requirements.
What You'll Do:- Apply and administer the Risk Management Framework to ensure that all the applicable IS are operating in accordance with customer security requirements.
- Maintain a configuration management system to track and control all components of IS used in support of programs.
- Identify, evaluate, and document all IS and provide guidance on what controls and countermeasures may be appropriate to mitigate vulnerabilities and threats.
- Perform audits of all IS, investigation anomalies, and record and report findings, as required. Coordinate and/or conduct detailed inquiries; assess potential damage; and develop, document, implement, and monitor corrective action plans. Perform data spill containment and clean up per customer direction.
- May coordinate the response and recovery activities from information security incidents. This includes collaboration with appropriate response partners, assisting with determining the root cause of cyber incidents and working with stakeholders and responsible parties to remediate any identified control gaps or failures.
- May perform data breach response, cyber risk/security assessments, and remain involved in phases such as vulnerability scanning, and log configuration.
- May participate in engagements related to preemptive data breach response; analytic and reporting for litigation, data breaches, and regulatory response; workplace and employment issues, including theft of trade secrets; and investigations related to network breaches/unauthorized access of data through computer forensics and incident response.
- Identify and manage Plan of Action & Milestones (POA&Ms) through remediation as well as develop corrective action plans for each POA&M, monthly progress reporting to customer and management.
- Promote information security awareness.
- Maintain a regular and predictable work schedule.
- Establish and maintain effective working relationships within the department, the Strategic Business Units, Strategic Capabilities Units and the Company. Interact appropriately with others in order to maintain a positive and productive work environment.
- Perform other duties as necessary.
On-Site Work Environment: This position requires regular in-person engagement by working
on-site five days each normally scheduled week in the primary work location. Travel and local commute between company campuses and other possible non-company locations may be required.
Working Conditions: - Work is performed in an office environment, laboratory, cleanroom, or production floor.
Required Skills and Education- Related Bachelor's and 2 or more years of related experience; or HS Diploma and 6 or more years of related experience.
- Each higher-level degree, i.e., Associate's, Bachelor's Degree, Master's Degree or Ph.D., may substitute for additional years of experience.
- Related certifications may count towards years of related experience.
- Related technical experience may be considered in lieu of education. Degree must be from a university, college, or school which is accredited by an agency recognized by the US Secretary of Education, US Department of Education.
- A current, active TS/SCI security clearance is required with the ability to obtain and maintain a TS/SCI Polygraph.
- Ability to identify and respond to potential cyber threats to company equities utilizing advanced software applications and information provided by government partners and open-source intelligence gathering.
- 8140 compliant certification is required.
#LI-JL2
This position will be posted for at least 5 calendar days. The posting will remain active until the position is filled, or a qualified pool of candidates is identified.
Multiple positions may be available on this opening.
