Cybersecurity Policy & RMF Analyst

Job Description

Company: Concept Plus

About the role

Concept Plus is seeking a Cybersecurity Policy and RMF Analyst to provide Risk Management Support to identify shortfalls in the assessment and authorization process, track and manage Risk Assessments, assist in implementing a Risk Management strategy and tie together the business continuity of operations plan (COOP) and the IT COOP plans.

What you’ll do

• Adhere to the DoD cybersecurity policy requirements set forth in DoDI 8500.01, “Cybersecurity,” and DoDI 8510.01, “Risk Management Framework (RMF) for DoD Information Technology (IT)” and their successors.
• Monitor identified risks and track response actions to ensure they support the customer Risk Management Strategy and are properly documented in a risk registry.
• Provide recommendations to business and IT leaders on best business practices followed in the industry to mitigate or remediate risks • Schedule, conduct, and track RMF validations for each IT Portfolio.
• Review of security controls, as part of a risk assessment, as needed to support an Authorization to Operate (ATO) of an investment.
• Review vulnerabilities and identify potential risks based on the type of vulnerability and the potential impact.
• Identify actions needed to protect information flows to ensure adherence to legal and regulatory standards.
• Coordinate the development of plans and procedures to ensure that business-critical services are recovered in the event of a digital risk event. • Facilitate and support the development of asset inventories, including digital assets in cloud. • Track all technology requests.
• Track open vulnerabilities and provide a status on each open risk for each IT Portfolio / Investment. Ensure POAMs are current and reflects all known weaknesses.
• Stay up-to-date with the latest Azure and FedRAMP regulatory changes and industry trends, advising teams on potential impacts and necessary adjustments.

Required Qualifications

• US Citizenship
• Active DoD Secret Clearance (or able to obtain
• Bachelor’s Degree in an IT related field
• Meet DoD 8570/8140 Information Assurance Technician (IAT) Level II or Higher (Sec+ CE or Higher)
• 1+ Years Experience with the Risk Management Framework Process
• 1+ Years Experience operating the Enterprise Mission Assurance Support Service Application (eMASS)

Preferred Qualifications

• Experience in performing IT audits, security planning and policy development
• An understanding of related information technology (e.g. firewalls, VPN, virtualization, identity management systems etc.)
• Knowledge of domain structure, user authentication, data encryption, access audits and end-use security best practices
• CompTIA CySA+, CEH and/or CompTIA Pen Test+ Certifications a plus

Source: Ladders