SMS is a fast growing, veteran-owned business that's has supported Federal Government's IT initiatives for over four decades. We work side-by-side with our Federal clients as a trusted, long-term partner to offer innovative advice and leadership to solve their most pressing and complex problems. We orchestrate people, strategies, technologies and best-of-breed business processes. The SMS advantage in management and technology consulting includes deep domain expertise in complex networking design and unifying communities of interest.
We have strong capabilities in design & build, planning, governance, quality management, security, analytics, virtualization, operations and business process improvement. For 40 years, SMS has brought customer satisfaction to Federal clients and formed lasting alliances with leading technology companies and talented small businesses to deliver joint, leading-edge, cost-effective services and products.
Submit your resume today!
A Senior Level Engineer that has experience in providing knowledge, techniques and/or capabilities related to system IA, certification and accreditation (C&A), documentation, security testing and vulnerability remediation. Candidate will support the Certification and accreditation process for administering Risk Management Framework (RMF) program. Candidate must also have experience in managing IT or IA related projects that required extensive and simultaneous documentation and coordination across multiple customers.
Essential Job Functions: For each assigned system with the support, authority, and resources to satisfy the responsibilities established in DoDI 8510.01, Risk Management Framework (RMF) for DoD Information Technology (IT). In accordance with DoDI 8500.01, Cybersecurity, the ISSM needs to be assigned in writing. The PM should ensure that the designated ISSM has the support, authority, and resources to satisfy the responsibilities established in DoDI 8500.01. Assignment of a qualified ISSM is one of the most important steps and should be accomplished as early as possible to ensure that applicable cybersecurity requirements are addressed in the system architecture and detailed design.
DoD Directive 8570.01, Information Assurance Training, Certification, and Workforce Management, current edition, provides guidance for the identification and categorization of positions and certifications of personnel conducting cybersecurity functions within the DoD workforce and should be used for selecting an ISSM. As the PM’s agent for ensuring compliance with DoD cybersecurity policies and regulations, the ISSM’s roles and responsibilities include
Support the PM in development of a POA&M and budget that addresses the implementation of cybersecurity requirements throughout the lifecycle of the system
Identify a cybersecurity team; the PM can designate the ISSM to chair a Cybersecurity (may be called Information Assurance) Working-level Integrated Product Team (WIPT) or sub-WIPT, executed under the authority of the Systems Engineering WIPT
Support implementation of the RMF
Maintain and report systems assessment and authorization status and issues in accordance with DoD Component guidance
Provide direction to the Information System Security Officer (ISSO) in accordance with DoDI 8500.01
Coordinate with the organization’s security manager to ensure issues affecting the organization's overall security are addressed appropriately
Continuously monitor the system or information environment for security-relevant events and configuration changes that negatively affect security posture
Periodically assesses the quality of security controls implementation against performance indicators, such as: security incidents; feedback from external inspection agencies, e.g., Office of the Inspector General (OIG) DoD, Government Accountability Office (GAO); exercises; and operational evaluations, including Director, OT&E cybersecurity assessments
Immediately report any significant change in the security posture of the system, and recommended mitigations, to the Security Control Assessor (SCA) and AO
Recommend to the SCA or AO a reassessment of any or all security controls at any time, as appropriate
Ensure that SSE processes are aligned to, and adequately documented in the program’s SEP and PPP, and are executed with sufficient rigor to ensure required security controls are implemented, resulting in the lowest level of residual risk to system operation
Ensure that cybersecurity inputs to program acquisition documents are prepared
Ensure that the program’s contractual documents, such as specifications, statements of work, or Contract Data Requirements Lists (CDRLs) incorporate appropriate cybersecurity language and requirements
Support SETRs by ensuring that entry and exit criteria include cybersecurity and are satisfied, and that design documentation meets the specified cybersecurity requirements
Ensure that security controls and requirements are properly allocated and documented in design specifications, technical publications and manuals, etc.
Ensure security controls and requirements are properly allocated and implemented in logistics or program planning documents
Ensure that security controls and requirements have been communicated and appropriately resourced by program budget documents and are reflected in the program’s requirements database
Ensure that integrated logistics support documentation (e.g., LCSP) incorporate cybersecurity considerations throughout the lifecycle of the system
Bachelor’s degree in a Business Management or MIS related field. Advanced degree is preferred
Must have and maintain an active DoD Secret security clearance
SMS is an Equal Opportunity Employer.
SMS is a veteran-owned network integrator established in 1976. With an employee retention rate averaging over 5 years, our ability to hire quality people and retain them in a rapidly evolving IT market proves why we are a world-class information technology company. At SMS, we place a high value on quality of service, customer satisfaction, and best-of-breed policies and practices. As a result, SMS is proud to be ISO 9001:2008 Registered and a CMMI Level 3 certified company, ensuring that we continue to meet and exceed the expectations of our customers, partners and employees.