Leidos hiring for Information Assurance Manager jobs in Fort Belvoir, VA, US
Description
The primary mission of the United States Mint is to serve the American people by manufacturing and distributing circulating, precious metal and collectible coins and national medals, and providing security over assets entrusted to us. Its cyber security program is one of the United States Mint’s critical needs and one of the most pressing priorities for the bureau’s Information Technology Department (ITD). The Information Technology Department is responsible for securing not only standard information technology infrastructure, but also an Industrial Control System (ICS)/Supervisory Control and Data Acquisition (SCADA) infrastructure. ISD is responsible for maintaining regulations and requirements governing federal IT security, addressing the increasing frequency and sophistication of cyber-attacks, and supporting an overarching effort of continuous organizational improvement and maturity. ITD maintains a continuous monitoring policy and a heightened focus on cyber security compliance and operations.
The Leidos USMINT Cybersecurity Operations Support Services program has a current need for an Information Assurance (IA) manager. The IA manager will be responsible for leading the ISSO team and enterprise vulnerability team to create, revise, document and maintain the overall security related policies, procedures, laws and regulations; as well as creating, documenting and implementing various security plans and compliance documents to enforce Information Assurance principles. The IA Manager will lead the assessment, development and implementation of NIST 800-53 rev.5 security controls set in place to preserve the integrity and security of sensitive data and information stored and processed by various network systems. The IA Manager will review client/department information security systems and recommend improvements/solutions to ensure compliance to USMINT policies/mandates.
Primary Responsibilities:
- Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
- Manage the development of A&A packages that include SSPs, CPs, POA&Ms, and other relevant security documentation for existing and new systems.
- Lead implementation of information assurance/security standards and procedures.
- Provide oversight to develop and implement common control catalog.
- Provide oversight to execute ATO System Owner Briefings on a weekly or biweekly basis as requested by CISO or System Owner. Brief system owners and/or CISO on the status of the ATO package, change request, and vulnerabilities for the system.
- Review and update documentation of systems for acquiring ATO using RMF, including coordination with stakeholders to close any outstanding issues.
- Provide oversight to prepare, track, and coordinate Security Impact Assessments (SIA) as needed for approved changes that impact each system. Communicate status of SIA change request to system owner. Develop an SIA checklist for consistency.
- Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
- Use workflows to develop security artifacts with assessors in preparation for assessment.
- Manage POA&Ms lifecycle and provide POA&M resolution guidance to address open vulnerabilities.
- Lead quarterly audits of user access to all U.S. Mint IT systems to ensure access is removed promptly upon termination, both voluntary and involuntary, including changing any combination locks, activating or deactivating user accounts, and rotating system service passwords as needed. Provide the audit report to the CISO and ISD Branch Chiefs.
- Attend Change Advisory Board (CAB) and Application Tower meetings as a representative of the U.S. Mint Information Security Division.
- Manage and maintain an Annual Security Authorization schedule which provides an overview of all U.S. Mint system A&A projects.
- Manage and maintain system A&A project schedules for each system and report to the System Owner, CISO, and Compliance branch weekly on each schedule.
- Conduct initial review and assessment of the owning-organization’s A&A package for systems that the U.S. Mint acquires services from, including but not limited to systems with FedRAMP ATOs sponsored by non-U.S. Mint agencies and Treasury systems, to determine inherited risk and report on this risk in the U.S. Mint’s Authorization Deliverables for these systems.
- Lead security assessment functions in accordance with NIST SP 800-53A, ensuring separation and independence between those performing ISSO functions and those performing Assessor functions for a given system.
- Lead timely and effective support, gathering, and tracking of necessary artifacts for IT-related audit requests, including A-123, FISMA, Financial Statement and Payment Card Industry (PCI) and any other audits sponsored by Treasury.
- Manage the Enterprise Vulnerability and Compliance Scanning Program.
- Lead efforts to develop and maintain a Vulnerability Management Dashboard which tracks vulnerability management efforts across the enterprise.
- Interface with external vulnerability scanning entities, including but not limited to TCSIRC/GSOC, DHS, and external scanning vendors for PCI compliance. Coordinate with ISD and other U.S. Mint personnel on scope and target of scanning activities to develop recommended tools, methods, and approach for scanning to be performed.
- Lead reviews of vulnerability scans from internal and external sources and report any relevant
Basic Qualifications:
- Experience leading a team of various skill levels.
- Minimum of 5 years of experience as an IA lead supporting major federal information systems/applications.
- Must possess the following industry certification
- Deep understanding of Information Assurance, Information Technology and Information Management concepts, processes and procedures.
- At least 5 years of experience in one of the following areas: knowledge of current security tools, hardware/software security implementation, communication protocols, or encryption techniques/tools.
- Knowledge of auditing security controls and financial processes.
- Knowledge of cloud service offerings (i.e., PaaS, SaaS) and cybersecurity practices.
- Knowledge of Cloud Computing Security Authorization processes, procedures, security requirements, and Cloud Service Providers (CSPs).
- Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
- Superior writing, communication and critical analysis skills.
- Ability to obtain Public Trust clearance.
Education & Experience:
- Requires a BS degree and 5 years of prior relevant experience, or a Master's with 4 years of prior relevant experience. May possess a Doctorate in a technical domain.
Pay Range: $101,400.00 - $183,300.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
#Remote
Original Posting Date: 01/26/2024
While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.