INFORMATION SYSTEMS AUDITOR
Description
*This is a contingent opportunity
Conducts technical cyber and communications vulnerability assessments of computer networks, other technology (OT) systems, telecommunications and other communications systems.
Duties:
- Perform oversight of the development, implementation and evaluation of IS security program policy; special emphasis placed upon integration of existing network infrastructure
- Advise the Information System Owner (ISO), Information Data Owner (IDO), Program Security Officer (PSO), and the Delegated and/or Authorizing Official (DAO/AO) on any assessment and authorization issues
- Evaluate Authorization packages and make recommendations to the AO and/or DAO for authorization
- Evaluate IS threats and vulnerabilities to determine whether additional safeguards are required
- Advise the Government concerning the impact levels for Confidentiality, Integrity, and Availability for the information on a system
- Ensure security assessments are completed and results documented and prepare the Security Assessment Report (SAR) for the Authorization boundary
- Initiate a Plan of Action and Milestones (POA&M) with identified weaknesses for each Authorization Boundary assessed, based on findings and recommendations from the SAR
- Evaluate security assessment documentation and provide written recommendations for security authorization to the Government
- Discuss recommendation for authorization and submit the security authorization package to the AO/DAO
- Assess proposed changes to Authorization boundaries operating environment and mission needs to determine the continuation to operate.
- Review and concur with all sanitization and clearing procedures in accordance with Government guidance and/or policy
- Assist the Government with compliance inspections
- Assist the Government with security incidents that relate to cybersecurity and ensure that the proper and corrective measures have been taken
- Ensure organizations are addressing and conducting all phases of the system development life cycle (SDLC)
- Evaluate Hardware and Software to determine security impact that it might have on Authorization boundaries
- Evaluate the effectiveness and implementation of Continuous Monitoring Plans
- Represent the customer on inspection teams
Experience:
- 5 - 7 years related experience
- Minimum of three (3) years’ experience in SAP, SCI or Collateral Information Systems (IS) Security and the implementation of regulations identified in the description of duties
- Prior performance in the role of ISSO and ISSM
Education:
- Possess a Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering, or a related technical discipline. In lieu of a degree, commensurate operational experience may be substituted.
Certifications:
- Possess IAT Level II certifications and CSSP Analyst computing environment certification as defined and described in Joint Publication 3-13 Information Operations and 3-12 Cyberspace Operations, DoDI 8500.1 and DoD 8570.01 and 8570.01-M.
Other Requirements:
- Possess a working knowledge of computer network architecture and network diagramming.
- Possess a working knowledge of Computer Network vulnerability/compliance analysis software.
- (Desired) Prior experience supporting DoD Nuclear Command, Control & Communications (NC3) and Defense Critical Infrastructure (DCI).
Additional Requirements:
- Accept worldwide deployments which include high threat permissive areas presenting some risks to personal safety.
- Submit to immunization for worldwide travel.
Security Clearance:
- Current Top Secret clearance with SCI eligibility
Benefits: K2 Group’s benefit offerings include: Medical/ Dental/ Vision Insurance; FSA Medical & FSA Dependent Care; Pre-tax 401(k) & ROTH 401(k) plans; Profit Sharing Plan; Life & Accidental Death Insurance; Short Term/ Long Term Disability; Voluntary Group Life Insurance option; Tuition Reimbursement; Job-related Course Reimbursement; Holiday Pay; and Paid Time-Off.