Provide support to collect metrics across the Agency in support of Federal laws, as well as IC and DoD requirements including FISMA, ICD 503, and Key Information Sharing and Safeguarding Indicators (KISSI). The candidate shall coordinate, evaluate and provide recommendations concerning NGA compliance with National, Intelligence Community, Department of Defense, and Congressional information assurance mandates, such as FISMA. Tasks include the following:
o Work across CS Divisions to submit, respond, and compile Directors Action Committee taskers.
o Prepare and provide periodic status briefings on network and systems assessment progress, findings, and remediation efforts.
o Prepare and gather information to provide the FISMA annual report for the Agency.
o Gather information, prepare and provide FISMA quarterly updates for the Agency.
o Support the management of the external FISMA program, to include planning, scheduling, tracking final reports and other assigned duties.
o Gather information, prepare, and provide the Joint Forces Readiness Review (JFRR) reports (quarterly or as required by DoD).
o Prepare Computer Network Defense reports (annually or as required by DoD) for submission to DoD.
o Prepare and monitor project/program schedules for assigned activities and as needed for effective activity management.
o Prepare monthly IA metrics reports (as a transition to constant monitoring) and provide them to the government PM.
o Document meeting minutes and briefings for assigned activities and as needed for effective activity management.
o Assist with the semi-annual updates of IA strategic plan, implementation plan, budget and NGA's IA policies and instructions.
o Assist in leading, supporting, and/or facilitating Agency-level, Directorate-level, Office-level, and Division-level security assessments of NGA's information systems and networks, and remediation of IA vulnerabilities identified as a result of those assessments.
o Assist in leading, supporting, and/or facilitating Agency-level, Directorate-level, Office-level, and Division-level security assessments of NGA's overall enterprise security posture, and mitigation of IA findings and risks identified as a result of those assessments.
o Provide support to NGA's IA Program including development, collection, assessment, and reporting of IA metrics; development, implementation and maintenance of Agency-level information assurance plans and documents; and development, implementation, and execution of Agency- or Office-level IA special programs or projects as required.
o Assist in managing NGA's Information Assurance Workforce Improvement Program (IAWIP) including supporting contractor and government personnel certification efforts and NGA compliance reporting (DoD 8570 requirements).
o Provide support for Division-level activities including but not limited to Web-site maintenance; tracking of official tasker responses; budget planning/reporting and development of planning, reporting and archiving documents.
o Support NGA's IA outreach, collaboration, and communication activities with entities outside of the Agency by representing NGA at Intelligence Community, DoD, and other government meetings, briefings, and conferences.
o Ensure task activities and solutions are collaborated, coordinated, and/or approved as appropriate throughout the NGA enterprise as well as with other government and industry organizations, as required.
o Support full access for the periodic Independent Verification and Validation (IV&V) process including Configuration Management (CM) and documentation audits for tracking and resolution of findings for the DoD Computer Network Defense (CND) Service Provider.
Requires a Master's degree and 10 years of directly related experience, or a Bachelor's degree and 12 years of directly related experience.
· Knowledge and experience in security disciplines including, but not limited to, information systems security, operations security, administrative security, personnel security, physical security and communications security.
· Knowledge of DCID 6/3, ICD 503, CNSSI 1253, NIST SP 800-55, NIST SP 800-53, NIST SP 800-53A, NIST SP 800-37, and security controls assessment criteria/procedures
· Knowledge and experience of information systems security policies and practices, computer science, state-of-the-art security tools and applications, and a thorough knowledge of IT
· Knowledge of DoD/IC system security control requirements
· Knowledge of the capabilities and functionality associated with various technologies for organizing and managing information (e.g., databases, bookmarking engines)
· Knowledge of the capabilities and functionality of various collaborative technologies (e.g., groupware, SharePoint)
· Knowledge of the principal methods, procedures, and techniques of gathering information; developing metrics; and producing, reporting, and sharing intelligence
· Knowledge of the organization's core business/mission processes
· Knowledge of Personally Identifiable Information (PII) data security standards and security controls
· Skill in conducting information searches and analytical research and analysis
· Skill in conducting knowledge mapping (i.e., map of knowledge repositories)
· Skill in using knowledge management technologies
· Ability to match the appropriate knowledge repository technology for a given application or environment
· Minimum of 12 years' experience in systems engineering or requirements analysis as applied to the cybersecurity, information assurance or related field; candidate must have experience with application of security controls to information systems.
Experience with XACTA, Microsoft Office Suite products and briefing senior leadership.
EDUCATION & EXPERIENCE:
Typically requires a Master's degree or equivalent experience and 12 years related experience.
Level III 8570 Certification Required at the time of hire.
Normal demands associated with an office environment. Ability to work on a computer for long periods and to communicate with individuals by telephone, email and face to face. Some travel may be required.