A&A Technical Site Lead / Deputy Project Manager jobs in United States

CACI bv · 13 hours ago

A&A Technical Site Lead / Deputy Project Manager

CACI is a company dedicated to ensuring the safety of the nation through integrity and innovation. They are seeking an A&A Technical Site Lead / Deputy Project Manager who will be responsible for leading project management efforts and providing guidance in risk management and cybersecurity assessments.

Consulting, Education, Training
No H1B, Security Clearance Required, U.S. Citizen Only

Responsibilities

Serve as onsite Project Manager and representative of assigned department for meetings and efficiently lead internal resources to meet established milestones and targeted completion dates
Provide guidance, coaching and training to 10+ employees of assigned teams
Review security control package submissions from validator staff
Subject Matter Expert in the Risk Management Framework Steps 0 to 7
Demonstrate experience applying the Risk Management Framework (RMF) to cloud environments, including assessing and mitigating cloud-specific risks
Provide the United States Coast Guard (USCG) with tailored documentation to support their security authorization
Plan and execute security control assessments for various information systems within the organization
Develop and maintain assessment procedures and methodologies aligned with NIST guidelines and other relevant frameworks
Analyze and evaluate the effectiveness of implemented security controls
Identify vulnerabilities, weaknesses, and potential risks in information systems and infrastructure
Prepare detailed Security Assessment Reports (SARs) documenting findings and recommendations
Collaborate with system owners, ISSOs, and other stakeholders throughout the assessment process
Verify the implementation of remediation actions and conduct follow-up assessments as needed
Provide expert advice on the development and maintenance of System Security Plans (SSPs) and Plans of Action and Milestones (POA&Ms)
Stay current with evolving cybersecurity threats, technologies, and best practices
Validate security control implementation and provide test results
Hands-on experience in assessing RMF Step 4 and performing continuous monitoring
Examine security control weaknesses and determine if they are producing the desired intent
Deep understanding of Vulnerability Management practices

Qualification

NIST RMF implementation, Cloud environments expertise, EMASS, Similar tools, Cybersecurity experience, Vulnerability Management, Security Assessment Reports, DoD 8570/8140 certification, Privacy Compliance Activities, Systems Development Lifecycle, Project Management, Team leadership

Required

US citizenship required; must hold a DoD Secret or higher clearance
Intimate understanding of NIST RMF implementation guidance
10 plus years of experience in cyber (Cloud, ISSM, ISSO), networking and systems engineering
5 plus years lead or management experience
Hands-on experience with using eMASS or similar Information Assurance tools
Extensive knowledge of cloud environments such as Microsoft Azure and AWS
Well-developed understanding of Federal Civilian or DHS Security Assessment and Authorization (SA&A) processes
In-depth understanding of the relevance of NIST Security Controls and Control Implementation methodologies to the SA&A process
Experience analyzing vulnerability scans and STIG implementations
Can demonstrate understanding of critical documentation required in Security Authorization (SA) Packages
Ability to understand and support Privacy Compliance Activities to include the development of Privacy Impact Analysis (PIA), Privacy Threshold Analysis (PTA), and Statement of Record Notices (SORN)
DoD 8570/8140 IAT III baseline certification (e.g., CISSP, CISM, CISA, CCNP Security)
CSSP-AU certification - must obtain within 60 days of employment
Knowledge/Familiarity with DoD 8500, DoD 8510, DHS 4300 A and B, NIST SP 800-18, 60, 70, 53, 53A, 137, IACS, CMRS, COAMS, JIMS, Swimlane, Governance, Risk, and Compliance, POA&M (i.e., Management, Assessment, etc.), ERS, FISMA, Knowledge Service, ACAS, Tanium, Power BI, Project/Program Management, TASKORD (i.e., FRAGO, CTO, etc.), and Data Calls (i.e., OIG Audit, etc.)

Preferred

Well-developed understanding of Systems Development Lifecycle (SDLC) and ideally the DHS Systems Engineering Lifecycle (SELC) process as it relates to Security Assessment and Authorization (SA&A)
Relevant DOD, DHS or .gov Cyber Security Information Assurance focused experience with specific current hands-on experience researching, writing, and submitting complete A&A documentation packages for new system authorizations
Typically has a University Degree (BA/BS) or equivalent experience and minimum 5 years related work experience

Benefits

Healthcare
Wellness
Financial
Retirement
Family support
Continuing education
Time off benefits

Company

CACI bv

CACI supplies, implements and manages business-critical solutions for higher education: the OSIRIS student information system and LISA for case-based working.

Funding

Current Stage
Growth Stage
Company data provided by crunchbase