Act as a technical management resource for information system security matters. Provides technical and programmatic Cyber Security and Information System Security Management Services to internal and external customers in support of network and information security systems. Ensures the development and implementation of information security policy, requirements, and procedures within an organization’s business processes. Reviews documentation from information obtained from customer using accepted guidelines such as RMF (Risk Management Framework).
Provides assessment and authorization (A&A) management support by guiding the development of all documentation necessary to complete the A&A process to include system security plans, contingency plans, and other associated documentation. Conducts complex vulnerability assessments to include; development of risk mitigation strategies with the customer; adjudicating based on assessing the vulnerabilities, threats, and risk associated with assessment. Reviews system configurations and scan tool results in order to determine system compliance and report results.
Analyzes policies and procedures against Federal laws and customer regulations and provides recommendations for closing gaps. Develops strategies to comply with privacy, risk management, and e-authentication requirements. Provides cyber security and information system security support for the development and implementation of security architectures to meet new and evolving security requirements. Evaluates, develops and enhances security requirements, policy and tools. Provides assistance in computer incident investigations. Performs vulnerability assessments including development of risk mitigation strategies.