Risk Management Framework SME

Arlington, VA

Posted: 09/10/2019 Job Number: JN -092019-11105

Job Description

Title: Risk Management Framework SME
Location: Arlington
Industry: DoD
Type: Contract to hire
  • The successful IA/RMF SME will assist in ensuring that FDIC and information systems adopt and institute FDIC, RMF, and NIST standards and methodologies.
  • The effort will include RMF SME support for System Managers and the FDIC GRC Team in security categorization, security plan, implementation of security controls and risk assessments.
  • The effort will also include consulting support by providing RMF recommendations, training and guidance on all aspects of RMF.
  • The successful IA/RMF SME will have the ability to complete accurate documentation in all Microsoft product formats and provide information to the government task manager to use in briefing agency management.
  • Develop, document, and help implement a transition plan for moving from the current process to RMF processes, including updates to documentation and forms to align with proper NIST terminology. Create updated templates.
  • Submit recommendations for action by System Managers and RMF Team members.
  • Research and recommend a tracking mechanism for RMF requirements, artifacts, and approvals. Develop guidance, processes and procedures for creating and uploading artifacts, such as a system security plan. Disseminate the process to key stakeholders and train them on it.
  • Develop system RMF project plans and support completion of activities on time. Track milestone dates and status of systems working through RMF Steps via existing or new RMF tracker.
  • Schedule and conduct meetings with key stakeholders providing guidance and direction, identifying and disseminating key milestones and actions, then track milestones to completion.
  • Perform annual (at a minimum) review of RMF related policies, procedures and templates. Draft updates to procedures and templates based on initial guidance, annual review, and lessons learned.
  • Advise customer to analyze security categorizations, and provide training and guidance/suggestions to ensure correct categorization decisions and capture results. Review and draft or update, as needed, organizational security categorization guidance and procedures to allow consistent security categorization across systems.
  • Provide guidance and instructions for security control families, as needed, utilizing a Security Control Catalog to provide enhancements as needed to facilitate correct implementation of security controls at the program and system level.
  • Advise on proper conduct of risk assessments in accordance with RMF and NIST guidance for conducting risk assessments, including the Risk Assessment worksheet (or appropriate RMF documents) and the final risk determination and recommendation.
  • Provide guidance and recommendations for continuous monitoring technologies, leveraging current available technologies and recommending solutions to address gaps, as needed.
  • General Experience: Twelve (12) years of experience supporting information systems and technology.
  • Information Security Specialized Experience: Ten (10) years of experience in supporting information security products.
  • Bachelor of Science degree in Information Technology, IT Security, Network Systems Technology or related field, or 4 years' experience in lieu of degree plus twelve (12) years of directly related experience, or any equivalent combination of education, experience, training and certifications.
  • Hands-on experience with implementing Risk Management Framework (RMF) and NIST 800-37, Revision 2

Preferred qualifications:
  • Working knowledge of MS Office suite (Word, Excel, PowerPoint), MS Visio, and MS Project;
  • Knowledge of FDIC Cyber Security/IA/Privacy policies

About Us: SRG Government Services (SRG) is a leading provider of information technology, training, engineering, accounting and intelligence analytical services for agencies in the intelligence, defense, homeland security, cyber security, and federal civilian markets. SRG utilizes an innovative approach to identify and qualify talent that is unique to the federal contracting industry, featuring a cutting-edge platform that allows us to rapidly and precisely match professionals to client requirements. We have a proprietary database of over one million candidates and maintain continuous contact with our qualified talent.

