Be an early applicantLess than 25 applicants

Company

AECOM · 3 days ago

Federal Information Systems Safeguarding and Compliance Manager - Remote, Various US Locations

Minneapolis, MN

Full-time

Remote

Mid, Senior Level

$115K/yr - $165K/yr

8+ years exp

Maximize your interview chances

Civil EngineeringConstruction

No H1B

U.S. Citizen Only

Insider Connection @AECOM

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Maintain operational security posture for programs and information systems

Information safeguarding interface to AECOM project teams

Participate in the system development lifecycle to ensure secure solutions are delivered

Ensure system security measures comply with applicable government policies

Provide configuration management and accurately assess the impact of modifications and vulnerabilities for each system

Ensure proper measures are taken when a federal information security incident or vulnerability is discovered

Assist IT in monitoring and resolving Plan of Action and Milestones (POA&M) to mitigate system vulnerabilities on assigned Information Systems

Maintain thorough understanding of NIST 800-171 controls, as well as document implementation in the Systems Security Plan

Conduct reviews and technical inspections to identify and mitigate potential security weaknesses and ensure that all security controls applied to a system are implemented and functional

Maintains awareness of upcoming customer / government driven changes and challenges and suggests approaches to meet those challenges

Ensure development and implementation of applicable Federal information security education, training, and awareness activities

Responsible for both the technical practice and operational management of one large or multiple small to medium sized offices/operating units with moderate complexity

Determines and executes the strategic direction of the office(s) to ensure financial profitability

Works in conjunction with the district and/or regional management to ensure financial success of the offices within the district or operating unit

Cloud services reduction- AWS

Onboard business teams, oversee the contractor provisioning SSD workspaces

Virtualize the SSD in Azure by working with project teams defining requirements, architecting and overseeing the delivery of assets, developing and updating project specific work instructions

Develop and document run books for virtualizing SSD applications

FY25 budgeting- roadmap

Peering with cleared facilities ISSM, develop cleared facilities run book.

Extend USA safeguarding knowledge to Canada

Information Security Oversight

Environment Security Initiatives

Environment Security Controls/Measures

Governance & Compliance Oversight

Regulatory Compliance Initiatives (NIST 800-171, CMMC II)

POA&M & Attestation Compliance

Engineering Oversight

Project Onboarding

Workload Support & Consumption

Operation & Maintenance Oversight

Azure GCC-High Support

Azure Networking Support

Azure Firewall Support

Azure Web Application Firewall Support

Azure Database Support

Azure Virtual Machines Support

SSD Helpdesk Oversight

Add ports document updates

Audit remediation

Mature and support FBS Artificial Intelligence, FAQ Bots, user self-service tools

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

NIST SP 800-171DFARSCybersecurity Maturity Model CertificationAWSAzureInformation SecurityVulnerability ScanningSingle Sign-On (SSO)Multi-Factor Authentication ()Endpoint ProtectionEncryptionData Loss Prevention (DLP)FirewallsIntrusion Detection/Prevention Systems (IDS/IPS)Security Methodologies

Required

Bachelor’s degree plus at least 8 years of relevant information security experience or demonstrated equivalency of experience and/or education (AS degree plus at least 10 years of relevant experience OR HS diploma plus at least 12 years of relevant experience)

Understanding of RMF such as: NIST SP 800-171, NIST SP 800-53, DFARS Clause 252.204-7012 and or FAR Clause 52.204-21

Technical & operational knowledge of cyber technologies such as (SSO, MFA, Endpoint Protection, Encryption, DLP, Vulnerability Scanning Firewalls, IDS/IPS, AWS)

Knowledge and experience with public cloud environments (Azure, AWS)

Knowledge of security methodologies, policies, standards and industry practices

Experience with large scale enterprise wide security projects

Due to nature of work, candidate must be a US Citizen

Preferred

Previous experience designing and implementing a Secure Services Domain is a plus

Prior experience with AECOM Information Safeguarding and Compliance

Strong quantitative and analytical skills

Past federal Cyber Security experience

Experience with Cybersecurity Maturity Model Certification (CMMC)

3+ years of experience securing enterprise networks and information systems according to Industry frameworks, such as NIST 800-171

Ability to remain organized, pay attention to detail, and meet critical deadlines

Strong written, verbal, interpersonal and presentation skills with the ability to lead meetings and present to large groups of technical and business personnel

Excellent time & people management skills, ability to effectively manage a large volume of work

Performing effectively in a team environment and independently with minimal direction; self-motivated and able to work on multiple activities in a fast paced environment