Cyber Risk Management Analyst bei Astrion

Cyber Risk Management Analyst

LOCATION: Washington DC / Remote 
Having regular access to SIPR

JOB STATUS: Full Time

CLEARANCE: Secret

Astrion has an exciting opportunity for a Cyber Risk Management Analyst  to join our team, with the option to work either in our office in Washinton DC or Remote.

Cyber Risk Management Analyst  will be supporting the Program Executive Office Integrated Warfare Systems Above Water Sensors Directorate's (PEO IWS 2.0) Information Systems Security Manager.

Hybrid or remote work is allowed with limitations.

• Applicants must have the ability to regularly access SIPR at SPA’s 20 M Street office located in Washington DC. In rare circumstances, having regular access to SIPR elsewhere is suitable

REQUIRED QUALIFICATIONS / SKILLS

• Experience with Department of Navy (DON) Risk Management Framework (RMF)
• Experience with Enterprise Mission Assurance Support Service (eMASS)
• Minimum 3 years of demonstrated expertise evaluating cyber compliance of a system against current Risk Management Framework (RMF) policies including experience conducting assessments using ACAS, STIGs and SRGs
• Proficiency with MS Office suite to include MS Visio
• DoD Cybersecurity Workforce (CSWF) IAT II certification (i.e. Security + CE)

DESIRED QUALIFICATIONS / SKILLS

• Current Navy Flankspeed access, SIPR token, and CAC is strongly desired
• Bachelor’s degree
• Fully Qualified Navy Validator (FQNV) Level II or above
• DoD 8570 Information Assurance Management (IAM) III or IAT III Certification
• Knowledge of Navy IT sites, systems, and infrastructure, including Assess Only and PIT
• Knowledge of applicable Navy systems, networks, and IT infrastructure
• Experience working in a DoD acquisition program office environment

RESPONSIBILITIES

• You will provide direct support to the U.S. Navy’s Program Executive Office Integrated Warfare Systems Above Water Sensors Directorate's (PEO IWS 2.0) Information Systems Security Manager.
• You will be responsible for the Authorization and Assessment (A&A) review process for over 30 new and existing above water sensor and laser systems ensuring that RMF cybersecurity requirements are satisfied in accordance with applicable DOD, NIST, Department of the Navy (DON), and NAVSEA series instructions.
• You will provide Navy Risk Management Framework (RMF) cybersecurity support by performing full package review of RMF process steps, as defined in the Navy's RMF Process Guide and Business Rules.
• You will conduct in-depth reviews of authorization packages and artifacts within Enterprise Mission Assurance Support Service (eMASS), reviewing, analyzing, and reporting on current authorization statuses for all systems within PEO IWS 2.0’s portfolio and review Security Assessment Plans, System-Level Continuous Monitoring Plans, Implementation Plans, Security Control Tailoring Plans, Plans of Actions and Milestones, and Security Assessment Reports.
• You will also advise the ISSM and other program stakeholders regarding A&A cybersecurity matters to include change control, IAVM, EXORD’s, FRAGO’s, DoD and DoN Policy.
• You must have the ability to work independently and produce high quality work with little to oversight on products.