Cybersecurity Audit & Compliance Officer (Caco)

Summary

This intermediate level Cybersecurity professional is responsible for conducting assessments of the implementation of NISP security requirements (e.g., management, operational and technical security controls) for information systems governed by the NISPOM, JSIG and other USG requirements (e.g., DoD 5205.07-V1 – V4) at multiple locations. The CACO will monitor program activities and continually evaluate and make necessary adjustments for a highly effective security program as a business discriminator. The CACO will identify and document potential or actual weaknesses or deficiencies discovered in the information systems, provide recommended corrective actions to address identified vulnerabilities to responsible senior level leadership, and track corrective actions to closure. Responsibilities will include Collateral, Sensitive Compartmented Information (SCI) and Special Access Program (SAP) activities.

Essential Duties and Responsibilities

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• Clearly communicate/present program status, issues, risks, opportunities and plans to senior program management and senior executive staff members
• Represent the Security Organization on inspection teams
• Ensure security policies and procedures comply with Government standards
• Evaluate and validate the effectiveness and implementation of Continuous Monitoring Plans
• Accomplish tasks as assigned by the Sr. Director of Security
• Review any active Plan of Action and Milestones (POA&M) with identified weaknesses for each Authorization Boundaries assessed, based on findings and recommendations from the SAR
• Collaborate daily with a wide variety of functional areas such as Program Management, IT, and Cybersecurity personnel to ensure security compliance of classified information systems.
• Validate proper protection and/or corrective measures have been taken when an incident or vulnerability has been discovered.
• Perform assessment of ISs, based upon the RMF methodology in accordance with the DAAPM, JSIG, and other USG security requirements.
• Assist the Government with security incidents that relate to cybersecurity and ensure that the proper corrective actions have been taken
• Assist with Government compliance inspections
• Perform security analysis of operational and development environments, threats, vulnerabilities, and internal interfaces to define and assess compliance with accepted industry and government standards
• Identify program challenges, recommend and coordinate solutions with senior Engineering leadership
• Conduct investigations of computer security violations and incidents, reporting as necessary to both the FSO/CPSO and Program Management.
• Acts as a primary liaison with between the D&S Global Security organization and Engineering/Program Management leadership teams regarding Cybersecurity compliance.
• Ensure security assessments are completed and results documented and validate the Security Assessment Report (SAR) for the Authorization boundary

Qualifications and Education Requirements

• A minimum of 8 years of successfully implementing and managing information systems security requirements in support of classified programs. Collaboration with multi-disciplined organizations is critical to the CACO’s success.
• Must display tact and self-discipline necessary to interface effectively with customers, vendors, all levels of management, and employees.
• Ability to understand information systems equipment configurations (switches, routers, IDS, firewalls, servers, storage arrays, etc.)
• Willingness to submit to a Counterintelligence polygraph
• Demonstrated technical experience configuring Windows, Networking, and UNIX-based operating systems IAW DISA STIGs.
• Demonstrated experience with information systems and RMF process/artifacts is required and industry-standard Information Assurance tools.
• Ability to receive and provide constructive feedback, recognizing blind spots and working to maintain a positive, collaborative, and effective team environment
• Must meet position and certification requirements outlined in DoD Directive 8570.01-M for Information Assurance Technician Level III or Information Assurance Manager Level II within 6 months of the date of hire
• Due to U.S. Government contract requirements, only U.S. citizens are eligible for this role.
• Hands-on auditing and investigation experience
• Able to demonstrate complex reasoning and problem-solving abilities.
• Able to reason, plan, and evaluate situations to make appropriate recommendations and take actions beneficial to the program and the company.
• Expert knowledge as an ISSM or SCA implementing or managing cyber security requirements on classified systems under NISPOM, JSIG, ICD 503, NIST-53, and/or CNSSI 1253.
• Bachelor’s degree in related discipline
• Strong organizational and administrative skills with the ability to track a large number of programs concurrently.
• Eligibility for access to Special Access Program Information

Security Responsibilities

Must comply with all company security and data protection / usage policies and procedures. Personally responsible for proper marking and handling of all information and materials, in any form. Shall not divulge any information, or afford access, to other employees not having a need-to-know. Shall not divulge information outside company without management approval. All government and proprietary information will be accessed and stored electronically on company provided resources.

• Incumbent must hold Current Top Secret/SCI eligibility with current Investigation Date

Work Environment

• Work will be performed in office environment on site. This is not a remote position.
• This job operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines.

Physical Demands

• Ability to travel up to 50% (CONUS & OCONUS)
• Ability to sit for long periods of time in front of a computer
• Ability to work overtime as needed
• The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for their job. Duties, responsibilities, and activities may change at any time with or without notice.