Logo
SMS Data Products Group

Senior Information Assurance Security Specialist

SMS Data Products Group, Springfield, Virginia, us, 22161


Senior Information Assurance Security Specialist

Job Locations

US-VA-Springfield

Job ID

2024-4884

# of Openings

1

Clearance Requirement

S

Education Requirement

High School Diploma/GED

Certifications

IAT level III & CSSP-AU: At least one of the DOD 8750 CSSP Auditor certifications: CEH, CySA+, CISA, GSNA, CFR, PenTest

Experience Level

Senior

8570 Compliant

IAT 3

Overview

SMS is seeking an Senior Information Assurance Security Specialist to join our team supporting the United States Coast Guard in Alexandria, VA. The Information Assurance Security Specialist is responsible for all Risk Management Framework (RMF) activities for implemented CDM technologies. You'll also work in a dynamic environment with other IA professionals using the latest technology.As a dynamic systems integrator, SMS offers proven solutions in engineering, operations, cybersecurity, and digital transformation. With expertise in modernizing and optimizing legacy infrastructure and systems, ensuring operational efficiency, and designing, implementing, and managing secure environments, SMS supports business and mission goals with proficiency, quality, and integrity.SMS has been serving the advanced information technology needs of the federal government since 1976, delivering talented teams and innovative, cost-effective solutions and services to support our customers' missions for more than 40 years. SMS is headquartered in McLean, Virginia, with offices and on-site operations at customer locations throughout the United States. For additional information on SMS, visit www.sms.com.Submit your resume today.Responsibilities

The Senior Information Assurance Specialist will be responsible for the following:Serve as senior member and representative of assigned team for meetings and efficiently lead internal resources to meet established milestones and targeted completion dates.

Provide guidance, coaching and training to employees of assigned team.Assist in Security Assessment & Authorization CoordinationPlan and conduct security authorization reviews of federal systemsManage and review Accreditation PackagesSupport USCG system accreditation and Ongoing Assessment and Ongoing Authorization processes and activities for assigned systems.Provide SME knowledge of Risk Management Framework (RMF) policy and application, NIST Security Controls, and Control Implementation methodologies for the A&A process.Review and provide guidance on System Security Plan, Security Assessment Report (SAR), and Plans of Action and Milestones and other security documentationSupport POA&M remediation activities and the review of POA&M closure documentation.Responsible for assessing and developing authorization packages for technical solutions that may require collaboration with internal expertise and deep analysis of the technical solution.Collaborative and communicates with parties within, and outside, of own job function. May have responsibility for communicating with parties external to the organization (e.g., customers, vendors, etc.Understands and supports Privacy Compliance Activities to include the review of Privacy Impact Analysis (PIA), Privacy Threshold Analysis (PTA), and Statement of Record Notices (SORN).Facilitates and monitors information assurance (IA) processes for new projects, including the development of security authorization packages and the tracking of progress for all Security Control implementations and Plans of Action and Milestones (POA&M).Support and/or development of all Security Authorization artifacts and documentation and assembling of Authorization packages.Responsible for administration and adherence of the Risk Management Plan.Coordinate closely with the Quality Assurance Specialists in identifying and mitigating risk to meet established quality standards.Qualifications

Minimum of an active DoD Secret clearance requiredUniversity Degree (BA/BS) or equivalent experience and minimum 5 years related work experienceCSSP-AU: At least one of the DOD 8750 IAT III certifications: CASP+ CE, CCNP Security, CISA, CISSP (or associate), GCED, GCIH, or CCSPRelevant DOD, DHS or .gov Cyber Security Information Assurance focused experience with specific current hands-on experience researching, writing, and submitting complete A&A documentation packages for new system authorizations.Well-developed understanding of Federal Civilian or DHS Security Assessment and Authorization (SA&A) processes.Experience with continuous monitoring/ongoing authorizationIntimate understanding of NIST RMF implementation guidance.In-depth understanding of the relevance of NIST Security Controls and Control Implementation methodologies to the SA&A process.Experience assessing security controls based on cybersecurity principles and tenets. (e.g., NIST SP 800-53, Cybersecurity Framework, etc.).Demonstrated understanding of critical documentation required in Security Authorization (SA) Packages.Ability to understand and support Privacy Compliance Activities to include the development of Privacy Impact Analysis (PIA), Privacy Threshold Analysis (PTA), and Statement of Record Notices (SORN).Experience managing client relationships, including determining client needs/requirements, managing client expectations, and demonstrating commitment to delivering quality results.Experience analyzing strategic guidance for issues requiring clarification and/or additional guidance.Understanding of the basic concepts and issues related to cyber and its organizational impact.Experience as senior or lead member of a team, including experience coaching and providing guidance to less experienced or new team resources, reviewing work products, tracking deadlines, and coverage, reporting, facilitating onboarding/offboarding procedures, etc.Experience with administrative planning activities, to include preparation of functional and specific support plans and preparing and managing correspondence.These Qualifications Would Be Nice to Have:Well-developed understanding of Systems Development Lifecycle (SDLC) and ideally the DHS Systems Engineering Lifecycle (SELC) process as it relates to Security Assessment and Authorization (SA&A)Hands on experience with eMASS or similar application.

ClearanceActive DOD Secret clearance requiredCertificationsIAT Level III certificationCSSP-AU: At least one of the DOD 8750 CSSP Auditor certifications: CEH, CySA+, CISA, GSNA, CFR, PenTestSMS is a dynamic systems integrator established in 1976, delivering talented teams and innovative, cost-effective solutions and services to support our customers' missions for more than 47 years. Our ability to hire and retain quality people in a rapidly evolving IT market is proven through our employee retention rate averaging over 3 years. At SMS, we place a high value on quality of service, customer satisfaction, and best-of-breed policies and practices, resulting in CMMI Level 3 certification and ISO registrations including 9001:2015, 20000-1:2018, and ISO/IEC 27001:2013. SMS is headquartered in McLean, Virginia, with offices and on-site operations at customer locations throughout the United States.SMS is an Equal Opportunity Employer.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.