Description
Description
SAIC's Horizon 2 contract is seeking an energized and professional Cyber GRC Analyst Principal / Information Systems Security Manager (ISSM) to support the contract's secure operating facilities in Colorado Springs, CO. The Horizon 2 contract supports the US Space Force Space Systems Command's Program Executive Offices overseeing the Space Domain Awareness and Combat Power, and Battle Management Command, Control and Communications portfolios.
You will manage all facets of SAIC's Information Protection Program at our Colorado Springs location, and are responsible for accreditation, compliance, continuous monitoring, and operational security of classified information systems across applicable classification levels. You will provide oversight, guidance, and technical support on IT and information system security issues affecting the mission of the customer, by implementing common information system security practices, policies, and standards. Your background in applying sound and effective Information Assurance security practices, in both Windows and Linux environments, will be the driving force behind the success of our customers' missions.
Join us in safeguarding the nation's space assets and exploring the limitless opportunities that await in this dynamic role. You'll have the invaluable opportunity to be mentored in this role, ensuring not only your professional growth, but also the continued excellence of our operations. You will get to use your strong communication (verbal and written) skills and interpersonal skills in a dynamic customer centric environment, which may require sporadic off-hours support. If this is what you are looking for, keep reading.
Fun stuff you will do on the job:
- Lead activities required to obtain and maintain Authority to Operate (ATO) approvals for classified information systems
- Ensures compliance with applicable Department of Defense (DoD) and Risk Management Framework (RMF) requirements including CNSSI guidance, NIST security controls directives, and other applicable cybersecurity policies
- Perform vulnerability/risk assessments to support authorization and accreditation of classified systems
- Develop, maintain, and update RMF documentation to include System Security Plans (SSP), System Assessment Plans (SAP), Risk Assessment Reports (RAR), Security Control Traceability Matrices (SCTM), Plans of Action and Milestones (POA&M), and Continuous Monitoring Plans (ConMon)
- Coordinate with program security officers and/or cognizant security officials on approval of External Information Systems (e.g., guest systems, interconnected systems)
- Conduct periodic reviews and evaluations of required IS policies, standards, and procedures
- Coordinate Information System Security Assessments, tests, and reviews
- Conduct due diligence and process hardware and software requests
- Provide configuration management for information system security software, hardware, and firmware
- Coordinate Incident Response (IR) activities, security event reporting, and corrective actions associated with cybersecurity incidents affecting authorized systems
Qualifications
This is You:
- Bachelor's degree (preferable BS; Information Security related), 9+ years experience (7 years of experience may be used with a Master's degree) with:
- Cybersecurity, information assurance, system administration, or equivalent combination to reflect knowledge and experience
- The Risk Management Framework, National Institute of Standards and Technology, Committee on National Security Systems cyber security requirements and guidance, and cyber security related risk management methodologies
- Program Security responsibilities to include, but not limited to: OPSEC, Program Protection, Personnel Security clearances, Security Training and Education, and Classification management
- Working in a SAP and/or SCI environment
- Controlling, labeling, virus scanning, and appropriately transferring data (upload/download) between information systems at varying classification levels
- Must have an in-scope security background investigation (T5 or SSBI), adjudicated for SCI eligibility and enrolled in the Continuous Evaluation program (if applicable)
- Must be willing to be nominated for access to Sensitive Compartment Information and Special Access Programs and willing to consent to a Polygraph examination
- Possess certification(s) that meet or exceed DoD 8140 IAT Level II requirements (ex. CompTIA Security+, CISSP).
You will wow us even more if you have these skills:
- A Master's degree (preferably in cyber security, Information Security or related security studies)
- Knowledge and experience using DoD tools and capabilities for vulnerability assessments and compliance reporting (eMASS, XACTA, ACAS, STIGs, Nessus, SCAP, Splunk, etc.)
- Knowledge of the JSIG, ICD 503, NIST Risk Management Framework (RMF), NIST SP 800-53/53A, and CNSSI 1253, and the Assessment & Authorization (A&A) process
- Experience with Incident Response and Disaster Recovery Procedures
- Experience creating/updating plans, processes, and procedures, in support of system and data security requirements, as well as establishing artifacts required for system certification
- Familiarity with virtualized hosting, such as VMware
- Experience conducting security audits/system assessments of information systems
- Extensive training or experience with Windows-based Information Systems with a working knowledge of LINUX operating systems
- Understanding of Contractor Program Security Officer (CPSO) functions, responsibilities, and disciplines (i.e., PERSEC, PHYSEC, facility alarm operations, Security Training and Education, visitor access requests)
- Have an understanding of DD254s to support government contracts
Apply on company website