MUST BE A U.S. CITIZEN and possess an active Top Secret security clearance
A3T, a fast-growing firm, specializes in Defensive Cyber Security Services, Enterprise Information Technology (IT) Solutions, and Professional Services driven by customer requirements. Our client’s customers are the focal point of all decisions and actions. A3T provides customer-centric services and focuses resources to meet operational requirements, exceed expectations, and sustain organizational growth while mitigating risk.
Join A3T and watch your career soar! A3T is a small, agile company looking for incredible talent to support the United States Government in many important national security roles. A3T is looking to bring on an experienced Program Manager and Cybersecurity SME - Risk Management with “Next-Level Thinking” who is ready to take their career to a new level with A3T.
Job Description: The successful Program Manager and Senior Cybersecurity SME - Risk Management candidate will serve as the Program Manager and the Program SME for Risk Management, A&A and Compliance providing wide-ranging support for all customer-supported audit activities.
The candidate will participate in the following activities:
- Program Management
- Must possess a high degree of professional confidence and credibility with the presence and communication skills to represent IT related concepts effectively with senior level management.
- Thorough understanding of program/project management techniques, methods and tools.
- Ability to interpret business objectives and successfully incorporate those objectives.
- Relevant industry knowledge of widely used systems and subsystems.
- Experience with group facilitation; ability to manage large-scale IT projects.
- Identify and understand complex problems/issues and develop solutions.
- Proven ability to manage teams, have demonstrated self-initiative and leadership skills.
- Strong verbal and written communication skills, ability to present to senior leaders.
- Have the capability and authority to resolve and respond to issues directly with the COR.
- Be proficient in conflict resolution and resolve minor concerns/issues.
- Possess strong organizational and analytical skills.
- Serve as the key point of contact and the focal point for all contract issues and keep the Government fully informed, both verbally and in writing.
- Communicate project needs, goals, and milestones with appropriate Government Leaders, Senior Management and Team members.
- Proactively manage contract projects and scheduling issues.
- Complete the administrative tasks associated with this PWS.
- Be familiar with all duties and qualifications stated in the PWS.
- Provide project coordination and process improvements through the Quality Control Plan (QCP).
- Provide contract oversight to plan and administer projects for the overall program that take place at multiple levels with different goals.
- Provide and gather required information to assist with coordination support efforts.
- Provide analysis of project requirements and accurate cost estimates.
- Ensure employees under this contract are evaluated, and they demonstrate subject matter expertise in various IT Security policies, hardware, software, and communication technologies.
- Initiate, coordinate, and enforce systems, policies, and procedures.
- Supervise contractor employees and communicate job expectations.
- Mentor, coach, and counsel employees.
- Establish team member work schedules and assignments IAW PWS.
- Maintain staff by working with Corporate recruiting, and selecting, orienting, and developing personal growth opportunities.
- Drive process improvements for the product development and delivery process.
- Attend meetings directly related to duties IAW PWS to gain insight and/or provide subject matter expert (SME) guidance.
- Submit all deliverables on time.
- Assessment and Authorization (A&A)
- Prepare and review Mission Partner security assessment and authorization documents and artifacts in accordance with (IAW) all DoD A&A regulations and governance.
- Document Mission Partner security findings using cybersecurity tools to include eMASS and ESPS.
- Register and maintain information system programs in DoD’s mandated program registration system.
- Verify information system Ports, Protocols and Services (PPS) are acquired, developed, implemented, maintained, and registered in DoD’s central registry system.
- Ensure applicable NIPRNet, SIPRNet, and isolated environment information system programs are registered in DoD’s mandated A&A repository.
- Monitor and report Mission Partner program's Authority to Operate (ATO) expiration dates.
- Initiate, process, and monitor authorizing official (AO) risk acceptance, Plans of Action and Milestones (POA&M), waiver, and reciprocity processing.
- Use the Office of the Secretary of Defense’s (OSD) official Knowledge Service portal as authoritative source for RMF policy and implementation guidelines.
- Provide documentation regarding the security posture of DoD Information Systems (IS) and Planned Information Technology (PIT) systems to promote reciprocity as described in DoD Instruction (DoDI) 8500.01 and to assist AOs from other organizations in making credible, risk-based decisions.
- Maintain, update, and version control the Meeting Request List (MRL) and Document Request List (DRL) form via DISA's designated collaboration tool.
- Cyber Compliance:
- Assist in DoD supported audits, to include auditing and reporting of systems, networks, documentation, cybersecurity controls, DoD 8570.1-M requirements, information assurance vulnerability management (IAVM) notifications, and STIG.
- Conduct technical analysis of vulnerabilities to determine the impact to the DISA Enterprise cybersecurity posture.
- Create, maintain, and document functional processes that ensure cybersecurity requirements are identified and implemented throughout the system lifecycle, to include acquisition, design, development, testing, integration, implementation, operation, upgrade, and/or replacement.
- Risk Management:
- Implement DoD multi-tiered cybersecurity risk management process to protect U.S. interests, DoD operational capabilities, and DoD individuals, organizations, and assets IAW National Institute of Standards and Technology (NIST) Special Publication (SP) 800-39 (Reference (o)) and Committee on National Security Systems (CNSS) Policy (CNSSP) 22.
- Create, maintain and document a risk management process for identifying, validating and reporting risks.
- Address, manage and integrate cybersecurity risk management throughout information technology life cycle, from acquisition to decommission.
- Perform, maintain, document and report on risk assessments IAW applicable DoD cybersecurity policies, standards, and architectures for Mission Partner information system programs to provide vulnerability posture awareness.
- Create, maintain, document and report risks associated with DoD cyberspace vulnerabilities and adversary threats impacting DoD employment of capabilities to achieve military, intelligence, and business operations objectives, and risk assessment mitigations associated with weaknesses or flaws introduced through faulty system design, configuration, and/or use.
- Assist and provide technical security expertise to the DISA Enterprise Information System Security Manager (ISSM) with researching and integrating new technologies (to include risks and benefits) pertaining to programs, systems, networks and the adherence to applicable cybersecurity requirements.
- Ensure information systems are assigned to and governed by a DoD component cybersecurity program that manages risk commensurate with the categorization of supported missions and the value of potentially affected information or assets.
Qualifications
Clearance: Top Secret with SCI eligibility
Education: Bachelor's degree or equivalent work experience
Hold an active Project Management Professional (PMP) certification. Hold one or more of the following: Certified Information Systems Auditor (CISA), Certified Information Systems Manager (CISM) and/or Certified Information Systems Security Professional (CISSP).
Experience: Ten + years of relevant/recent DoD Information Assurance Certification and Accreditation Process (DIACAP) and/or RMF AND Five + years of relevant/recent experience with Microsoft Office products.
- Experience with DISA is highly desired
- Experience working in an enterprise environment, for example, the WHS, ITA, Joint Service Provider (JSP) Pentagon, or Navy Marine Corps Internet (NMCI)
- Must have strong critical thinking/analytical skills, creativity, a proven drive for quality, and excellent oral and written communication skills.
- Strong organizational skills and an ability to stay focused while managing multiple tasks concurrently.
Additional information
We offer a competitive benefits package to include: paid holidays, paid time off, medical, dental, vision, company paid long and short term disability and life insurance, referral bonuses, certification reimbursement program, etc.
It is the policy of A3T to provide equal opportunity in recruiting, hiring, training, and promoting individuals in all job categories without regard to race, color, religion, national origin, gender, age, disability, genetic information, veteran status, sexual orientation, gender identity, or any other protected class or category as may be defined by federal, state, or local laws or regulations.
We maintain a drug-free workplace and perform pre-employment substance abuse testing to include background checks.