View Job

$3,000 Referral Bonus for this position!

Come join our growing team with a 21st Century Vision! At KaylaTek, we understand that the key to our success is the quality of the people we employ. Our focus is not just on jobs, but on building and enhancing your career through ongoing professional development, training, and high quality of life. Our team members choose KaylaTek for a number of reasons including our competitive compensation and benefit packages, dedication to education, as well as our outstanding service. Our Grow Strong Vision encompasses a place for employees to grow, learn and feel a sense of belonging, not just a place to work.

Employee Benefit Offerings

Medical, Dental, Vision, 401(k) with company matching, Short-Term and Long-Term Disability, Life and AD&D Insurance, Paid Time Off, 11 Paid Holidays, Employee Assistance Program (EAP), Professional Development Program, Military Leave Support and much more.

Job Site: Pentagon - 100% onsite - no telework

Shift Hours: Day-Shift; core support hours are 0600 -1800. This is a 24/7/365 support environment; off-hours response/support may be required, however only standard M-F core hours working time for current position.

Overview: KaylaTek is seeking an experienced Risk Management Framework Lead to support the AFNCR IT support contract at the National Military Command Center (NMCC), Arlington VA

Certifications required: Security + and DoD 8570 IAM 2 or equivalent

Roles and Responsibilities:

• Lead execution of the Risk Management Framework to authorize IT systems.
• Perform tasks delegated by the ISSM in support of various information assurance /cybersecurity programs such as security authorization activities in compliance with Risk Management Framework (RMF) policies and procedures including System Security Plans (SSPs), Risk Assessment Reports, A&A packages, and Security Controls Traceability Matrix (SCTM).
• Oversee system security control assessments in support of initial Authorization to Operate (ATO) decisions and continuous monitoring/ongoing authorization.
• Planning, coordinating, and implementing the organization's information security.
• Plan, initiate, and manage information technology (IT) projects. Lead and guide the work of technical staff.
• Develop and control deadlines and activities.
• Prepare reports for senior leadership.
• Validate the deliverables and submit them to the government for final review, sign-off, and submission.
• Provides oversight and approval of technical approaches, products, and processes.
• Manages, develops, and motivates employees.
• Develops and executes project and process plans, implements policies and procedures, and set operational goals.
• Supervises teams, establishes milestones, and monitors adherence to operation plans and schedules.
• Provide technical analysis and supporting information throughout cybersecurity risk management activities such as: categorization of an information system, selection of security controls, implementation of security controls and provide comprehensive assessments of an organization's risk posture.
• Apply a full range of Cybersecurity policies, principles, and techniques to maintain the security integrity of information systems processing classified information.
• Input and maintain system documentation into government record-keeping systems like Xacta and eMASS.
• Perform risk analysis whenever an application or system undergoes a major change.
• Provide input to the Risk Management Framework process activities and related documentation.
• Leading, completing, and delivering all Security Authorization documentation in a timely manner and ensuring no negative impact to the Authority to Operate (ATO)
• Ensure that the controls within the security controls baseline are in place and functioning as intended to protect data.

Roles and Responsibilities:

• Lead execution of the Risk Management Framework to authorize IT systems.
• Perform tasks delegated by the ISSM in support of various information assurance /cybersecurity programs such as security authorization activities in compliance with Risk Management Framework (RMF) policies and procedures including System Security Plans (SSPs), Risk Assessment Reports, A&A packages, and Security Controls Traceability Matrix (SCTM).
• Oversee system security control assessments in support of initial Authorization to Operate (ATO) decisions and continuous monitoring/ongoing authorization.
• Planning, coordinating, and implementing the organization's information security.
• Plan, initiate, and manage information technology (IT) projects. Lead and guide the work of technical staff.
• Develop and control deadlines and activities.
• Prepare reports for senior leadership.
• Validate the deliverables and submit them to the government for final review, sign-off, and submission.
• Provides oversight and approval of technical approaches, products, and processes.
• Manages, develops, and motivates employees.
• Develops and executes project and process plans, implements policies and procedures, and set operational goals.
• Supervises teams, establishes milestones, and monitors adherence to operation plans and schedules.
• Provide technical analysis and supporting information throughout cybersecurity risk management activities such as: categorization of an information system, selection of security controls, implementation of security controls and provide comprehensive assessments of an organization's risk posture.
• Apply a full range of Cybersecurity policies, principles, and techniques to maintain the security integrity of information systems processing classified information.
• Input and maintain system documentation into government record-keeping systems like Xacta and eMASS.
• Perform risk analysis whenever an application or system undergoes a major change.
• Provide input to the Risk Management Framework process activities and related documentation.
• Leading, completing, and delivering all Security Authorization documentation in a timely manner and ensuring no negative impact to the Authority to Operate (ATO)
• Ensure that the controls within the security controls baseline are in place and functioning as intended to protect data.

Required Qualifications:

• Top Secret-SCI - Active security clearance
  
• Must hold active Security+, CISSP, CISA, or equivalent certifications (DoD 8570 IAM 2 equivalent)
• At least 5 years of direct experience and in-depth working knowledge of FISMA and NIST Information Security Guides
• Advanced written and verbal communication skills
• Experience with certification and accreditation (C&A) or A&A and as a security control assessor or validator.
• Experience with developing, implementing, and maintaining guidelines, policies, and procedures supporting a cybersecurity program.
• Strong knowledge of the NIST Cybersecurity Framework
• Experience with NIST special publications (SPs) regarding the A&A process, including SP 800-53, SP 800-137, SP 800-171, and SP 800-37
• Experience with developing and managing continuous monitoring and plans of action and milestones (POA&M)
• Experience with assessing systems following federal cybersecurity guidelines and best practices.
• Experience presenting to clients or other decision makers to present and sell ideas to various audiences (technical and non-technical)
• MUST BE A US CITIZEN

Preferred Qualifications:

• Bachelor's degree or equivalent work or military experience
• 8+ years of experience in cybersecurity policies and implementation of Risk Management Framework (RMF): e.g. DAAPM, CNSSI 1253, ICD-503, JSIG, or NIST SP 800 series
• Experience developing and managing strong relationships with partners (internal & external) and government customers and representatives.
• Experience working with a government agency in a compliance capacity
• Experience in cross-functional leadership, collaborative problem solving, building lasting relationships & proficiency in written and verbal communication
• Experience with project management in a leadership capacity
• Experience with risk analysis and assessment determinations
• Experience with eMASS
• Experience with Xacta

Apply Directly on our website at https://kaylatek.isolvedhire.com/jobs/950625.html

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.

COMMITMENT TO DIVERSITY

KaylaTek is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by law.

E-VERIFY AND BACKGROUND CHECKS

In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification form upon hire. KaylaTek participates in the DHS e-Verify program. KaylaTek also conducts a background check on all candidates post offer though PROScreening LLC.

In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification form (I-9) upon hire. KaylaTek participates in the DHS e-Verify program. KaylaTek also conducts background checks (criminal, education, prior employment and professional certifications/licensing) on all candidates post offer though PROScreening LLC. 

The Air Force National Capital Regional (AFNCR) IT Services Contract also requires pre-employment drug testing and annual drug testing for all hires to work on contract with the Air Force.  This is at no cost the candidate/employee