ARMADA, Ltd. · 3 weeks ago
Specialist, Information Assurance Compliance II (SIAC2)
ARMADA, Ltd. is seeking a Specialist, Information Assurance Compliance II (SIAC2) to evaluate and document the security posture of systems in accordance with various regulatory frameworks. The role involves developing and maintaining risk management framework packages, conducting risk assessments, and ensuring compliance with security standards.
Responsibilities
Specialist, Information Assurance Compliance II (SIAC2) will collect and collate system or site information and use it to evaluate and document in Enterprise Mission Assurance Support Service (eMASS) the security posture of the system or site being assessed, authorized, and maintained. The SIAC2 will have access to the unclassified and classified Navy eMASS systems
Develop, submit, and maintain RMF packages in accordance with DoD Instruction 8510.01, NAVSEA Business Rules, DON RMF Process Guides, NAVSEA Standard Operating Procedures (SOPs), and the business rules of cognizant review offices. Should there be any conflicting interpretations, requests for clarification/adjudication will be resolved in the Technical Instruction
Specialist, Information Assurance Compliance II (SIAC2) will develop the RMF package documentation required for submission in accordance with DoD/NAVSEA directives. Some examples include AO Determination Request Package and Checklist, System Platform IT (PIT) Determination, Categorization Form, HW/SW lists, Authorization Boundary Diagrams, Defense in Depth Diagrams, PPSM list, Privacy Impact Assessment (PIA), E-Authentication Questionnaire, System Level Continuous Monitoring Strategy (SLCM), Security Plan (SP), RMF Step SOP checklists, Plan of Actions and Milestones (POA&M), Security Assessment Plan (SAP), Security Technical Implementation Guide (STIG), Alternate Forms of Compliance, Security Assessment Report (SAR), Risk Assessment Report (RAR), Security Authorization Package, and Package Endorsement Letters. Products shall be created in the appropriate software (e.g., Microsoft Visio, scanning software, eMASS, DISA STIG Viewer, eMASSTER, etc.)
Develop or revise existing policies, plans, and strategy documents to meet requirements for RMF Control Families and ensure all IA requirements have been addressed. Some examples include an Incident Response plan, Contingency plan, Information Assurance Vulnerability Management plan, Configuration Management plan, System Development plan, and Physical Security plan. Evaluate all discrepancies and recommend potential mitigation measures for reducing or eliminating specific risks
Specialist, Information Assurance Compliance II (SIAC2) will conduct risk and vulnerability assessments of planned and installed systems to identify vulnerabilities, risks, and protection needs; conduct systems security evaluations, audits, and reviews; and determine the residual risk of a package based on package content and assessment results, documenting it for the Security Controls Assessor (SCA) and higher-level review
Execute Security Assessment Plans (SAPs) by conducting on-site testing for afloat and PIT ashore systems. Examples include executing STIGs and SRGs, ACAS scanning, and applying patches to assets to obtain cybersecurity compliance and remediate vulnerabilities
Specialist, Information Assurance Compliance II (SIAC2) will develop and maintain in eMASS a Plan of Action and Milestones (POA&M) for all IA-related tasks and deliverables. The POA&M should include findings from required Security Technical Implementation Guides (STIGs), vulnerability test results, automated scan reviews, Assured Compliance Assessment Solution (ACAS) scans, Security Content Automation Protocol (SCAP), Evaluate-STIG, and other DoD-mandated assessment utilities. eMASS shall be utilized to assist in POA&M creation
Conduct systems security reviews, audits, or evaluations, as appropriate, to ensure accreditation documents are accurate and represent the current risk posture of the system
Perform analysis of logs, events, and reporting from various data collection tools, including: vulnerability monitoring via Assured Compliance Assessment Solution (ACAS) and related tools, Host Based Security System (HBSS), web content filters, Security Information and Event Management (SIEM), firewall systems, network devices, server devices, workstations, and intrusion detection and prevention systems (IDS/IPS)
Specialist, Information Assurance Compliance II (SIAC2) will assess impacts from observed risks and report via the Cybersecurity Program chain of command
Specialist, Information Assurance Compliance II (SIAC2) will perform the evaluation of system administrator, security engineer, and/or system owner proposed corrections to ensure compliance and best-fit solution
Present and submit data to management, develop reports, and produce procedural documentation in a comprehensive and cohesive manner
Specialist, Information Assurance Compliance II (SIAC2) will develop and update, at the frequency specified in each package, all required eMASS documents, to include Plan of Actions and Milestones (POA&Ms), Risk Assessment Reports (RARs), and Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs); products shall be created in the appropriate software (e.g., Microsoft Visio, scanning software, eMASS, DISA STIG Viewer, etc.)
Determine a system's compliance with all applicable Controls and Assessment Procedures (APs) for an assigned DoN system, including developing the appropriate test procedures, if necessary; executing the test procedures; and accurately documenting the results. The analyst shall update the eMASS record for the assigned system(s)
Track deliverables and action items in accordance with A&A guidance
Specialist, Information Assurance Compliance II (SIAC2) will manage, attend, and support configuration control board practices
Ensure RMF artifacts are in compliance with published Navy and NAVSEA Business Rules (OPNAV N2N6 and/or NAVSEA), NIST SP 800-37, and NIST SP 800-53 Rev 4. In addition, local NSWCPD policies and procedures may apply. The Command Information System Security Manager (ISSM) will resolve any conflicting interpretations
Specialist, Information Assurance Compliance II (SIAC2) will write technical documentation such as user manuals, reports, documentation, policies, presentations, Plan of Action and Milestones (POA&Ms), risk assessments, proposals, outlines, and summaries in support of both ashore and afloat systems across multiple platforms. Support the development of technical documents across multiple platforms including configuration management, milestone, issue tracking, web site content management and RMF documentation
May be required to travel CONUS (any state in USA) and OCONUS (primarily Japan, and any country in Europe). The estimated number of trips is 14 per year (estimated 25%-30% travel)
Other duties as assigned
Qualification
Required
Active Secret Security Clearance
Four (4) years of professional experience in Information Assurance Compliance
Bachelor's degree (Computer Science, Information Technology or related technical degree) from accredited College or University
Minimum of one (1) of the listed IAT Level II certifications required: CompTIA Security+ (CE), CompTIA CySA+, GIAC Security Essentials (GSEC), ISC² SSCP (Systems Security Certified Practitioner)
Ability to travel CONUS (any state in USA) and OCONUS (primarily Japan, and any country in Europe)
Proficient in Microsoft Windows Operating System Administration, including Windows 11, Windows 10, Windows 7, and Windows XP (at a minimum)
Ability to work as a team member, communicate effectively, perform office functions using standard office tools, remain customer focused, and deliver exceptional performance
Possess excellent organizational and file management skills and the ability to plan and execute administrative work with little supervision
Possess excellent oral and written communication skills
Company
ARMADA, Ltd.
ARMADA is a world-class provider of mitigation, prevention, preparedness, protection, response and recovery solutions.