Published: July 22, 2021
Review Cybersecurity packages (DIACAP/RMF) for content and presentation of evidence of proper implementation of Cybersecurity requirements for the Designated Approving Authority (DAA/AO). Provide feedback and consultation to Information System Security Officers (ISSOs) to ensure that Authorization to Operate (ATO), Interim Approval to Operate (IATO), Interim Authority to Test (IATT), and Approval to Connect (ATC) packages meet the PEO standard.
Provide technical expertise to PMs in developing Cybersecurity Strategies (CSSs) as required by the Clinger-Cohen Act and DoD Acquisition policy; coordinate these CSSs with HQDA for Army CIO/G6 Approval in order to support major milestone decisions.
Review and coordinate with appropriate stakeholders to respond to taskings from HQDA, PEO IEW&S Staff, CECOM Staff, other agencies, and Warfighters in the field as they relate to Cybersecurity for PEO IEW&S Tactical and Developmental systems. (Such as: Public Key Infrastructure & Host Based Security Systems waivers & exemptions, Windows XP, Vista, and Server 2003 elimination.)
Maintain the APMS (Army Portfolio Management Solution) database for tracking Information Assurance accreditation status, and provide portfolio (acquisition) management oversight of all the Program Manager’s projects, for FISMA (Federal Information Security Management Act) compliance.
Manage and maintain the online repository of current PEO IEW&S Authorization and Accreditation (A&A) documentation within all cybersecurity repositories (eMASS, Xacta), and the Army Knowledge Online (AKO)-SIPRNET.
Provide Cybersecurity engineering subject matter expertise.
Consult with PM staff with regard to the implementation of the Risk Management Framework (RMF) and associated security controls.
Serve as a subject-matter expert for the implementation of component-level policy; coordinate exceptions to policy at the headquarters level for tactical equipment and mission requirements.
Identify cybersecurity requirements for systems in acquisition or development to comply with published RMF requirements, Cyber Tasking Orders (CTOs), Security Technical Implementation Guides (STIGs), policies, and analyze the requirements development and design process across the program offices of PEO IEW&S.
Lead portions of Army vulnerability management and Assessment and Authorization (A&A) processes, including analyzing, reviewing, or verifying Plans of Action and Milestones (POA&Ms), evaluating the overall risk posed by vulnerabilities to Army missions, networks, and data, and making recommendations to the Authorizing Official.
Lead A&A activities within established timelines, recommend courses of action for program managers and system owners to ensure compliance with FISMA, DoD and Army standards, and policy, and maintain an acceptable level of risk.
Develop cybersecurity education, training, mitigation strategies, and cybersecurity awareness at the headquarters level.
Develop processes to assist the Army in the development and lifecycle of information system packages; this includes creating templates and ‘how-to’ guides for implementing waivers, documents, and other important system artifact requirements.
Serve as a subject matter expert to provide technical guidance and recommendations to staff, stakeholders and leadership on all aspects of cybersecurity.
Oversee product teams to ensure cybersecurity objectives are met.
Plan, execute and provide technical expertise in obtaining ATO or appropriate interim authorities.
Due to the sensitivity of customer related requirements, U.S. Citizenship is required.
Bachelor's degree with a minimum of 5 years of related work experience.
Must possess a Top Secret/SCI clearance.
Experience with the eMASS software tool.
Experience with the Risk Management Framework (NIST 500-XX)