What are the responsibilities and job description for the Information Assurance Lead position at TIAG®?
TIAG is now hiring an Information Assurance Lead to support our team full time out of the Office of Naval Research in Arlington, VA. This role requires a TS level clearance and reports onsite in Arlington. This is a hybrid role with onsite requirements up to 3x per week.
The Information Assurance Lead is responsible for developing effective initiatives for information assurance and management options. The lead is responsible for ensuring the IA and Cybersecurity requirements are integrated into the system development lifecycle. The lead also provides the artifacts required to achieve initial authority to test and Authorization to Operate (ATO).
Position Responsibilities
- Executes and manages the A&A process for multifaceted systems, networks and enclaves.
- Develops custom A&A documentation, champions the approval process, and at times personally assists with the negotiation of the approval process.
- Serves as an expert resource on RMF, emerging cyber tools, threats, techniques and vulnerabilities to many projects/programs at the client.
- Coordinates risk mitigation through management of the Plan of Action and Milestones (POA&M) process. Verifies actions taken by internal IT support teams satisfy risk mitigation.
- Supervises a small team of Information Assurance analysts who perform vulnerability assessment scanning, risk analysis, and assist in the RMF process.
- Confer with users to discuss issues such as computer data access needs, security violations, and programming changes.
- Coordinates implementation of computer system plan with establishment personnel and outside vendors.
- Coordinates with IT and facilities security and recommends improvements.
- Develop plans to safeguard computer files against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs.
- Develops and leads security awareness by providing briefings, educational material and on-going communication.
- Document computer security and emergency measures policies, procedures, and tests.
- Ensures authorized access by investigating improper access, revoking access, reporting violations and monitoring information requests.
- Ensures networks, applications and information systems meet security posture and makes recommendations for improvement.
- Ensures that systems are safeguarded by ensuring that regular backups are performed, procedures are followed for source code management and disaster preparedness and recommending improvements.
- Establishes computer and physical security by developing standards, policies and procedures.
- Modify computer security files to incorporate new software, correct errors, or change individual access status.
- Monitor current reports of cybersecurity threats and vulnerabilities as issued by government and private sector organizations.
- Monitor use of data files and regulate access to safeguard information in computer files to prevent data loss.
- Provide support to external audits and assessments including CCORI.
- Perform risk assessments and execute tests of data processing system to ensure functioning of data processing activities and security measures.
- Review violations of computer security procedures and discuss procedures with violators to ensure violations are not repeated.
- Train users and promote security awareness to maintain a high level of system security and to improve server and network efficiency.
- Updates job knowledge by participating in educational opportunities, reading professional publications and maintaining Continuous Education Units (CEU).
- Active Top Secret clearance
- Bachelor’s degree from an accredited institution in one of the following: Information Assurance, Cyber, Computer Science, Engineering, or related discipline
- DoD Information Assurance Workforce (IAWF) DoD 8570 IAM Level II qualification.
- Experience leading the successful capturing and refining of information protection requirements and ensuring their integration into IT systems through purposeful security design or configuration
- Experience with DIACAP and RMF
- Experience with eMASS governance, risk, and compliance tool
- Ten (10) years of experience within the Cyber assurance/Information assurance space
- Cloud computing implementation and maintenance preferably with AWS.
- Knowledge of Navy RMF risk assessment processes.