Framework (RMF) which include but are not limited to the following:
• Assist in planning and preparation for security Assessment and Authorization (A&A) as part of the Department’s Information Assurance policy and Federal Information Security Management Act (FISMA) implementation efforts
• Provide support for, and where necessary create, security documentation for the required phases of the DOS A&A process in support of obtaining Authority to Operate (ATO) approvals of OBO systems
• Perform Security Impact Analysis (SIA) review of change requests and provide reporting requirements to system owners
• Update expired security controls in ArchAngel to support security findings and reporting
• Analyze and report on security findings identified during assessment
• Create Plan of Action & Milestones (POAMs) for identified security control findings
• Evaluate security control implementations for all OBO Systems boundaries on a yearly basis
• Categorize the information system and the information processed, stored, and/or transmitted by that system based on the impact analysis
• Categorize the information system and document the results of the security categorization in the System Security Plan (SSP)
• Identify the security controls that are provided by the organization as common controls for organizational information systems and document the controls in the control selection worksheet and database
• Develop a strategy for the continuous monitoring of security control effectiveness and any proposed or actual changes to the information system and its environment of operation and recommend security controls based on the security categorization of the information system
• Describe the information system (including the system boundary, system functions, and system data criticality/sensitivity) and document the description in the System Security Plan (SSP)
• Register the information system in the Department's IT Asset Baseline
• Conduct a review of the SSP with the OBO ISSO to ensure completeness, accuracy, and readiness for approval by the OBO Information System Owner
• Perform Annual Control Assessments, Contingency Plan tests, and SCF updates on an annual basis for all FISMA-reportable information systems
• Assist the OBO ISSO in the creation of a bureau-wide Information Systems Security Policy that will be derived from and aligned with existing Department of State Foreign Affairs Manuals (FAMs) and Foreign Affairs Handbooks (FAHs) as well as be aligned with NIST Special Publication 800-53 Rev. 4, Security and Privacy Controls for Federal Information Systems and Organizations
REQUIREMENTS:
- Must possess a current Top-Secret clearance
- Five (5) years of progressive experience support technicians; analysis, design, and installation of computer based systems; analysis, design, and installation of LANs/WANs; and analysis, design, and installation of communications systems.
- General experience must include increasing responsibilities in technical management.
- Must possess a Bachelor's degree in cybersecurity, computer science, information technology, or a related field; an additional four (4) years of experience may be substituted for a degree.