Information Assurance/ Information Security Specialist II
Las Vegas, NV
Information Assurance Primary Responsibilities
Support analysis and develop cybersecurity recommendations to address ongoing and emerging issues
Ensure all cybersecurity processes are documented.
Conduct process analysis
Provide recommendations for process improvements.
Conduct Assessment and Authorization and/or Risk Management Framework activities as directed
Assist the AO and ISSM in developing and maintain cybersecurity documentation.
Assist the AO and ISSM to develop corrective action plans, receive approval, and track implementation of corrective actions in designated tool
Respond to data calls
Support and participate in projects
Provide Cybersecurity Policy Subject Matter Leadership in the area of Cybersecurity Governance policy and enterprise standards including the review and comment on Governance related issues via the RevCom and governance processes.
Use specified eGRC tool to gather and present relevant data to support reporting, including Archer dashboard for PEMP related metrics where appropriate extracts and reviews for each performance evaluation cycle
Present cybersecurity metrics, inspection metrics, and enterprise risk management measures via dashboards for situational awareness.
Assess the implementation of cybersecurity policies focused on oversight and governance by Federal staff at NNSA site offices.
Review site cybersecurity policy implementation for compliance.
Maintain a Cybersecurity Improvement Plan which consists of approved mitigations; participate in self-assessments and surveys; implement and track corrective action plans for all reportable findings.
Typically requires BS and 4 – 8 years of prior relevant experience or Masters with 2 – 6 years of prior relevant experience.
Experience with Archer
DoD 8570 IAT Level II or higher
Knowledge of NIST SP 800-37, CNSSI 1253, FIPS 199 and NIST SP 800-53
Knowledgeable in RMF accreditation processes
Ability to create metrics, documentation, presentations, and procedures and communicate results effectively.
Experience in auditing security controls
Knowledge of Continuous Monitoring
Experience in scanning and interpreting scan results.