Project Manager for Cyber Security Assessments - Arcfield

Overview:

Arcfield was purpose-built to protect the nation and its allies through innovations in digital transformation, space mission engineering and launch assurance, miniaturized sensors and satellites, advanced modeling and simulation, cybersecurity, and conventional and hypersonic missile support. Headquartered in Chantilly, VA with 16 global offices, Arcfield employs more than 1,500 engineers, analysts, IT specialists, and other professionals with more than 60 years of collective proven experience supporting missions in cyber and space defense, space exploration, hypersonic and nuclear deterrence and warfighter readiness. Visit arcfield.com for more details.

Responsibilities:

The Chief Information Security Officer (CISO) provides world class risk assessment services to protect the sponsor systems from cyber intrusion and misuse. The sponsor seeks a Project Manager for Cyber Security to provide expertise and suggestions for process improvement to streamline complex processes that affect multiple groups.

In addition, the incumbent will be performing independent technical reviews that reviews the work of project teams, Information System Security Engineers, Information System Security Managers (ISSMs), and assessor(s) and Quality Assurance personnel. These Technical Reviews are a critical component of the accreditation process for systems.

The

Project Manager for Cyber Security Assessments

will

provide:

• Programmatic

  Support

  to

  the

  Cyber

  Assessments

  Front

  Office

• Assisting

  sponsor leadership

  in

  implementing and

  managing the sponsor

  Project Management Framework (PMF).

• Providing assistance

  to

  sponsor leadership

  in

  tracking

  project

  status,

  timelines,

  and

  identifying

  key deliverables and the

  appropriate stakeholders

• Providing

  guidance and

  assurance towards consistent implementation

  of

  PMF

  fundamentals

  towards sponsor offices subcomponents

• Analyzing and suggesting ways to continue to provide quality assessments given a

  changing technical

  landscape

  and

  ava

  i

  lability

  of

  tools

  in

  the

  Cloud and other virtual-based computing environments

• Providing ad

  hoc

  meeting facilitation and

  technical

  documentation/recording of

  actions

• Assisting

  with

  office

  and

  organization-wide

  communications

  efforts,

  as

  needed

The time spent performing programmatic

support is

estimated to

be

60-65%

and

will

require

the

contractor to

work

closely with

senior

leadership

towards implementation

This

task

will

be

expected

to

coordinate closely with

sponsor officer

senior

leadership and subcomponent

leadership

to ensure quality and consistency in PMF implementation and support

• Independent Technical

  Reviews of

  information

  system submissions

  in

  the

  sponsor's system of record, to include

  • Recording recommended courses of

    action

    for

    senior leadership on

    each

    failed

    control.

    Each system coming through the system of record for authorization may have tens of failed controls which need adjudication.

  • Reviewing in

    the

    system

    of

    record

    control

    submissions from

    project

    teams,

    their Information System Security Manager (ISSM), and the assessor(s)/quality assurance (QA) to recommend

    an

    appropriate course

    of action (

    e.g.

    Risk Acceptance (RA) or Plan of Actions and Milestones (POA&M))

  • Examining

    the

    body of evidence (BOE) provided by the system owner, the specific recommendation

    from

    the

    ISSEM and

    the

    Assessor(s)

    views to

    form an independent opinion on

    whether or

    not

    each

    failed

    control

    should

    proceed

    to

    the Chief Information Security Officer (CISO) queue in the

    system of

    record

    with a recommendation for RA or POA&M.

The time spent performing technical reviews is estimated to be 30-35%

and

will

require

the contractor to view themselves as an

independent expert recommending

risk mitigation plans to senior leadership.

This position is

expected to require

minimal external

coordination

and

more

time

in

the

system of

record

recording

independent

judgement.

Qualifications:

• Must possess and be able to maintain a TS/SCI

  clearance

  with Polygraph.

• A degree (or equivalent experience) in Computer Science, Information Systems, Engineering, Business, or a

  scientific or technical discipline.

• BS 10-12, MS 8-10, PhD 5-7

• Demonstrated experience with various cybersecurity related items to include Authorizations to Operate (ATOs), Authorization & Accreditations (A&As), and User Activity Monitoring (UAM).

• Demonstrated ability to apply critical thinking and use investigative mindset to comprehensively conduct technical reviews, evaluations, assessments of technical solutions.

• Exceptional written, presentation, and oral communications skills.

• Extensive knowledge and

  demonstrated

  experience in cloud-based computing environment supporting and administering cloud products & services.

• Firm understanding of how to leverage

  SecDevOps

  Agile methodologies.

• Experience setting up, configuring, and troubleshooting network services, equipment, and devices such as switches, routers, servers, firewalls, etc.

• In-depth knowledge of cybersecurity, cloud computing (

  esp.

  AWS) and data/application security technologies

• Have a record of securing various manufacturers' solutions such as Windows and Linux to an enterprise level.

• Solid understanding of role-based access control (RBAC), hardening of operating systems, and documentation.

• Demonstrated experience working and interacting

  with

  other engineering groups to define, document, analyze, perform, and interpret tests of products, systems, or components.

• The ability to analyze systems, including forensically, for malware, misuse, and/or unauthorized activity.

• Knowledge of investigation and analysis of all data sources, which may include Internet, Intelligence.

• Community reporting, security events,

  firewall

  logs, forensic hard-drive images, and other data sources to

  identify

  malware, misuse, unauthorized

  activity

  or other cyber security related concerns.

• Knowledge of computing design concepts and implementation.

• Knowledge of network defense monitoring tools and systems

Desi

red Qualifications:

• Experience securing legacy, hybrid, and cloud-based solutions.

• CISSP certification or similar cyber security training and certificates.

• Familiarity with sponsor tools, system of record for A&As, regulations.

• Ability

  to

  provide

  technical

  cyber

  security

  guidance.

• Ability

  to

  convey

  technical

  information

  to

  non-technical

  individuals.

• Ability

  to

  create

  complex

  system

  designs,

  resolving engineering

  problems, and

  propose preventative strategies.

• Ability

  to

  work

  in

  a

  dynamic

  and

  challenging

  environment.

EEO Statement:

EEO

Arcfield proactively fulfills its role as an equal opportunity employer. We do not discriminate against any employee or applicant for employment because of race, color, sex, religion, age, sexual orientation, gender identity and expression, national origin, marital status, physical or mental disability, status as a Disabled Veteran, Recently Separated Veteran, Active-Duty Wartime or Campaign Badge Veteran, Armed Forces Services Medal, or any other characteristic protected by law.