Arlo Solutions · 1 day ago
(627) Information Assurance Compliance Specialist II
Arlo Solutions is an information technology consulting services company that specializes in delivering technology solutions. The Specialist, Information Assurance Compliance II will support the Naval Surface Warfare Center Philadelphia Division, focusing on developing and maintaining cybersecurity compliance programs and documentation to ensure adherence to DoD and DON policies.
Cyber Security · Information Technology · Management Consulting
Responsibilities
Collect and collate system or site information to evaluate and document security postures in Enterprise Mission Assurance Support Service (eMASS)
Develop, submit, and maintain RMF packages in accordance with DoD Instruction 8510.01, Naval Sea Systems Command (NAVSEA) Business Rules, DON RMF Process Guides, and NAVSEA Standard Operating Procedures (SOPs)
Create comprehensive RMF package documentation including Assess Only (AO) Determination Request Packages, System Platform IT (PIT) Determinations, Categorization Forms, Authorization Boundary Diagrams, Defense in Depth Diagrams, Privacy Impact Assessments (PIA), and Security Plans (SPs)
Develop and maintain Plan of Action and Milestones (POA&M) for all Information Assurance-related tasks and deliverables in eMASS
Develop or revise existing policies, plans, and strategy documents to meet requirements for RMF Control Families
Create comprehensive documentation including Incident Response Plans, Contingency Plans, Information Assurance Vulnerability Management Plans, Configuration Management Plans, and Physical Security Plans
Ensure all Information Assurance requirements are addressed and compliant with applicable DoD and DON cybersecurity policies
Evaluate discrepancies and recommend potential mitigation measures for reducing or eliminating specific risks
Conduct risk and vulnerability assessments of planned and installed systems to identify vulnerabilities, risks, and protection needs
Execute Security Assessment Plans (SAPs) by conducting on-site testing for afloat and PIT ashore systems
Perform systems security reviews, audits, and evaluations to ensure accreditation documents accurately represent current risk posture
Determine residual risk of packages based on package content and assessment results for Security Controls Assessor review
Conduct analysis of logs, events, and reporting from various data collection tools including Assured Compliance Assessment Solution (ACAS), Host Based Security Systems (HBSS), Security Information and Event Management (SIEM), firewall systems, and intrusion detection systems
Support continuous monitoring activities for authorized systems to maintain Authorization to Operate (ATO) status
Develop and update required eMASS documents at specified frequencies, including POA&Ms and Risk Assessment Reports (RARs)
Determine system compliance with all applicable Controls and Assessment Procedures (APs) for assigned DON systems
Maintain current vulnerability scan data and residual risk POA&Ms in Vulnerability Remediation Asset Manager (VRAM)
Track deliverables and action items in accordance with A&A guidance
Perform detailed technical documentation analysis of software/hardware associated with systems and components
Develop system architecture diagrams, software design requirements, network connection/authorization boundary diagrams, and RMF plans/policies
Create and maintain DON eMASS vulnerability POA&Ms for systems
Present and submit data to management, develop comprehensive reports, and produce procedural documentation
Execute Security Technical Implementation Guides (STIGs), Security Requirements Guides (SRGs), ACAS scanning, and apply patches to assets to obtain cybersecurity compliance
Manage, attend, and support configuration control board practices
Coordinate with government personnel, system owners, and other stakeholders throughout the RMF process
Assess impacts from observed risks and report via the Cybersecurity Program chain of command
Perform evaluation of system administrator and security engineer proposed corrections to ensure compliance
Support Information Assurance Vulnerability Management (IAVM) activities including remediation, patching, and scanning
Ensure RMF artifacts comply with published Navy and NAVSEA Business Rules, NIST SP 800-37, and NIST SP 800-53 Rev. 4 requirements
Create and verify accuracy of POA&Ms/RARs as identified by vulnerability test results
Ensure information systems are operated, used, maintained, and disposed of in accordance with security policies
Test systems to verify adequate functionality for mission and project requirements
Maintain security clearance and comply with all security requirements specified in the contract
Qualifications
Required
Must be a U.S. Citizen
Active Secret security clearance
Target Education: Bachelor's degree (Computer Science, Information Technology or related technical degree) from accredited College or University
Target Experience: Four (4) years of professional experience in Information Assurance Compliance
Minimum Certification: Must hold at least one Information Assurance Management (IAM) or Information Assurance Technical (IAT) Level 2 certification (acceptable certifications include CAP, CASP+ CE, CISM, CISSP or Associate, GSLC, CCISO, or HCISPP)
Maintain current IAM/IAT Level 2 certification with required Continuing Professional Education (CPE) as mandated by certification body
Complete all required Government mandated training including Antiterrorism Level 1 Awareness, Operations Security (OPSEC), Cybersecurity 101 Training, and other security-related training as specified
Preferred
Experience with Navy cybersecurity programs and RMF processes
Familiarity with NIST Special Publications and DoD cybersecurity instructions
Experience with eMASS, VRAM, ACAS, and other DoD cybersecurity systems
Knowledge of Navy and DoD organizational structure
Experience supporting NAVSEA or other Navy commands
Professional experience in DoD or Navy environments
Understanding of NAVSEA Business Rules and SOPs