Cybersecurity Assessment and Authorization Subject Matter Expert (SME)

Responsibilities

• Determines the applicable severity value for an identified vulnerability (e.g., non-compliant security control), and determines the possible ramifications on the system’s current or future authorization. 
• Briefs senior management on the progress or results of an information system undergoing the Risk Management Framework (RMF) process.
• Responsible for performing preventative and reactive activities aimed at enhancing the overall IA posture.
• Provide full IA support and services as stated below, which are necessary to meet the requirements of DLA IA. 
• Ensure compliance with Federal, DoD, and DLA information technology and security requirements, polices, procedures, and standards as applicable. 
• Work with Government personnel (program managers, project managers, system managers, system developers, the DLA Computer Emergency Response Team (CERT), IA professionals, etc.) at the enterprise and enclave levels to ensure implementation of appropriate IA controls for EWSC. 
• Provide IA support to assist in ensuring compliance with Federal, DoD, and DLA IA policy and perform daily activities required for Certification & Accreditation (C&A).
• Support for requirement to complete the DoD Information Assurance Certification and Accreditation Process (DICAP), Risk Management Framework (RMF) for DoD IT processes, and achieve Authority to Operate (ATO) as applicable.
• Complete design, development, edit, modification, and implementation of all documentation and participate in all security-testing efforts as required.
• Monitor and actively report on the status of all elements within Plans of Action & Milestones (POAM) associated with IA requirements, weaknesses, and vulnerabilities until resolution or remediation.
• Perform additional IA support services as identified within the scope of services for the Task Order.

Requirements:

• Five (5) years of relevant Risk Management Framework (RMF) and NIST A&A experience
• DoD cybersecurity experience
• Experience in assessing security controls and conducting authorization reviews for large, complex organizations.
• Experienced in the general tenets supporting the overall DOD implementation of its
• authorization process, to include supporting cybersecurity policy, procedures, and processes.
• Knowledgeable in the cybersecurity of emerging technology areas such as Cloud and
• Industrial Control Systems (ICSs), warehouse execution systems and Operational Technology (OT) infrastructures.
• Position Sensitivity: Non-Critical Sensitive (Formerly IT-II or IT-2)
• Investigation Requirements: Must possess a favorable Tier 3 (T3) NACLC/ANACI
• Possess an understanding of how the security controls identified in the NIST 800-53 apply to the process of assessing and authorizing a large organization’s IT infrastructure such as DLA’s, in which there is a compilation of large and small enclaves, AIS applications and outsourced IT processes.