Job Details

ID #12239618
State Washington
City Washington
Job type Full-time
Salary USD TBD TBD
Source MindPoint Group, LLC
Showed 2021-04-14
Date 2021-04-02
Deadline 2021-06-01
Category Et cetera

Information Assurance Program Manager (IA PM, PMP required)

Washington, Washington 00000 Washington USA

Vacancy expired!

Job Description

MindPoint Group, LLC is seeking an Information Assurance (IA) Program Manager (PM) supporting a team of Information System Security Officers (ISSOs) and Cybersecurity Policy Analysts by providing cybersecurity support services in accordance with Federal laws, OMB/NIST and FedRAMP guidance and standards, and client FISMA policies, standards and procedures. The following services will be provided by the PM:

  • Direct and oversee the daily operations of the contract.
  • Prepare and present written communications, plans, reports, briefings and background materials for the client’s executive management teams;
  • Lead and participate in meetings and discussions and serve as the central point of contact for the client;
  • Establish, document, and manage the scope, schedule, resource allocation, cost, and expense tracking for projects and sustaining activities to ensure successful project execution and deliverable deadlines are met on time;
  • Identify, document and communicate problems and risks that could adversely impact performance, cost and/or delivery schedule, and opportunities for improvement on the project;
  • Produce relevant cybersecurity metrics and reporting, including quarterly FISMA reporting;
  • Prepare and review information system security authorization process deliverables, including but not limited to System Security Plan, Security Assessment, and Plans of Action and Milestones;
  • Oversee and perform regular cybersecurity requirements, including annual security control assessments and testing;
  • Generate general and technical security analyses;
  • Review proposed changes to federal policy or requirements;
  • Update client policies and procedures as needed with client feedback or external driver requirements;
  • Complete data entry in FISMA and Cyber Security Assessment and Management (CSAM) system;
  • Oversee FISMA and FISCAM audits conducted by the OIG and ensure successful delivery of all deliverables;
  • Support the security staff in all FISMA related activities including but not limited to compliance reviews; and
  • Conduct assessments and develop cybersecurity recommendations based on emerging issues.

Security Assessment and Authorization (SA&A) Documentation Support

The PM shall oversee a team of personnel to maintain the security assessment and authorization documentation for information systems under their purview in accordance with the required policies and regulations. The PM is responsible for ensuring the following:

  • Documenting the initial System Security Plan and updating the plan as required, at a minimum annually.
  • Documenting, reviewing, and/or updating the FIPS 199 Security Categorization at least annually.
  • Documenting, reviewing, and/or updating the Information System Contingency Plan and Incident Response Plan and updating annually within six months of testing the plans.
  • Documenting, reviewing, and/or updating the Continuous Monitoring Plan annually within six months of the last completed assessment.
  • Documenting, reviewing, and/or updating the Configuration Management Plan at least annually.
  • Preparing and/or updating the Initial Privacy Assessment and Privacy Impact Assessment for client Privacy Officer adjudication.
  • Developing, reviewing, and/or updating any System Interconnection Memorandum of Understanding/Interconnection Security Agreements as required.

Continuous Monitoring (CM) Assessment Support

The PM shall oversee a team of personnel to perform and document continuous monitoring assessments for information systems under their purview in accordance with the required policies and regulations. The PM shall maintain a security management continuous monitoring program that meets or exceeds the requirements in the latest edition of FedRAMP Cloud Computing Security Requirements Baseline and FedRAMP Continuous Monitoring Requirements. The PM shall report on FMCSA systems on an ongoing basis and inform the COR and ISSM when changes occur that may impact the security of the system. The PM shall perform review activities including, but not limited to:

  • Regular operating system, database, and web application vulnerability scanning.
  • Remediation of identified vulnerabilities, including patch and vulnerability management.
  • Deficiency identification and recommendation for remedies to the client.
  • Evaluation of proposed changes to the information systems.
  • Regular review of audit logs generated by the information systems.
  • Documentation updates as needed to support the security assessment process.

SOPs and Policies

The PM is responsible for completing the following:

  • Develop policies and corresponding standard operating procedures pertaining to cybersecurity and privacy for review by the client, and assist with addressing the comments and corrections.
  • Develop and maintain policies and procedures in line with new security and privacy requirements and ongoing operations.
  • Identify opportunities for updated or new policies and standard operating procedures associated with changing technology and security implementations.

Functional Responsibilities:

The Program Manager may perform any or all of the following:

  • Serve as the interface with the client’s senior management personnel, and program managers, as required to successfully meet program objectives.
  • Maintain liaison with and direction of lower-level staff, business, and technical staff.
  • Lead technical teams, using staff effectively and employing management and technical skills to achieve program results.
  • Direct staff by formulating and enforcing work standards, assigning staff work schedules, reviewing and resolving work discrepancies, supervising personnel, and communicating policies, purposes, and goals of the organization to subordinates and subcontractors.
  • Oversee and manage day-to-day security assessment activities.
  • Optimize system operation and resource utilization, and perform system capacity planning/analysis while maintaining the security posture.
  • Perform threat and risk security analyses.
  • Provide training, research, and recommendations on client networks and AIS.
  • Participate in internal and external security audits, evaluations, and risk assessments of complex operational data processing communications systems and facilities and provide recommendations for countering detected vulnerabilities.
  • Conduct security and internal control reviews of information systems.
  • Conduct specific technical reviews to support non-standard operational requirements and systems.
  • Design, develop, and maintain unique security tools and techniques for conducting cybersecurity evaluations.

Qualifications

  • Active Top Secret clearance required
  • Active PMP required
  • Minimum of 8 years of general work experience and 6 years of functional relevant experience in completing and managing complex projects and teams
  • Minimum Education: Bachelor’s Degree
  • Experience and education equivalents: Active Project Management Professional (PMP) required; Certified Information Systems Security Professional (CISSP) recommended, or other relevant cybersecurity certifications
  • Thorough understanding and knowledge of FISMA, FedRAMP, and SA&A process
  • Understanding and experience with CSAM is a plus
  • Understanding of the following technologies is a plus: Nessus, Wireshark, Gold Disk, Retina, other security vulnerability scanning tools
  • Strong proposal experience preferred

Additional Information

  • All your information will be kept confidential according to EEO guidelines
  • Equal Opportunity Employer Veterans/Disabled
