Search

Risk Management Framework Validator

KINAOLE SERVICE CENTER
locationWahiawa, HI 96786, USA
PublishedPublished: 6/14/2022
Real Estate
Full Time

Job Description

Job Description

Ho'olaulima Government Solutions LLC (HGS) is a Small Business Administration-certified, Native Hawaiian Organization-Owned, 8(a) Small Business which provides services and solutions in the areas of Cybersecurity Services, Information Technology Services, Professional and Technical Services, Environmental Services, and Healthcare Services to the Department of Defense and other Federal agencies.

HGS is a wholly-owned subsidiary of the Kina'ole Foundation, a 501(c)(3) non-profit established to benefit Native Hawaiian communities.

You will receive a comprehensive benefits package that includes:

  • Health insurance
  • Dental insurance
  • Life insurance
  • Professional training reimbursement
  • 401K
  • Disability insurance
  • ...and much, much more!

Job Description: Under the supervision of the Operations Manager, the Operator I (CSWF) shall perform the following duties:

Duties and Responsibilities:

  • Provide recommendation, support and advice in the implementation, management, maintenance and growth of the commands A&A program.
  • Provide subject matter expertise in support of the Risk Management Framework (RMF) Assessment and Authorization (A&A) process.
  • Provide NCTAMS PAC and four subordinate commands RMF support to ensure the Naval Authorization Official's (NAO) requirements have been met for all NCTAMS PAC and subordinate commands owned systems.
  • Perform security control assessments on RMF packages before submission to Echelon II, Security Control Assessor (SCA), Security Control Assessor Liaison (SCAL), and the NAO.
  • Perform risk assessments on NCTAMS PAC and subordinate commands owned circuits, systems, or other information system that processes, stores, transmits and/or displays DoD/DON information based on findings from Security Control Assessment. Provide articulated findings in the required reportable format as defined by NAO, which include but are not limited to DISA manual STIGs, DISA automated SCAPs, and Tenable's ACAS security tools.
  • Organize and update weekly Authority to Operate (ATO) status tracker for all security packages within the NCTAMS PAC AOR. Provide weekly tracker status to the command A&A manager.
  • Utilizing Risk Assessment Report, Security Implementation Guide (STIG) Checklists, Assured Compliance Assessment Solution (ACAS) and other tools provided by the Government, analyzes the results of general cybersecurity- related technical problems relating to risk, threats, vulnerabilities, mitigation, or remediation analysis of information systems and applications throughout the systems development life cycle (from inception to decommission). Provide analysis, updates, and reports via eMASS in support of the command Assessment & Authorization (A&A) Manager.
  • Assist Government personnel in the affected areas in the completion of RMF documentation and procedures required to obtain an accreditation (e.g. Authority to Operate (ATO), Authority to Operate with Conditions (ATO w/ Cond), Authority to Connect (ATC), Authority to Connect with Conditions (ATC w/ Cond), etc.) for NCTAMS PAC and subordinate command owned sites and systems.
  • Within six months of hire, achieve Navy Qualified Validator (NQV) certification in order to conduct security control assessments of RMF packages.
  • Assist Government personnel in the affected areas with the implementation, evaluation, and direction in the development of RMF required artifacts to include, but not limited to, Security Plans, Security Assessment Plans, Continuous Monitoring Strategy, Test Plans, Risk Assessment Reports (RAR), and Plan of Action and Milestones (POA&M) for NCTAMS PAC and AOR security packages.
  • Assist the A&A manager with processing Boundary Change Requests (BCR) for the IT- 21 PRNOC Enterprise by verifying the relevant A&A information for the target systems are valid prior to processing. These actions include confirming that a valid ATO exists for the target system as well as ensuring the associated ports, protocols and services for the proposed source/destination IPs are both DISA Category Assurance List (CAL) compliant and properly registered for boundaries 07 and 08 within the system's Ports, Protocols, and Services Management (PPSM) record. All Urgent BCRs must be processed within 3 business days whereas routine BCRs are to be processed within 5 business days, per NAO's requirements.
  • Other duties as assigned by Supervisor.

Education/Certification Requirements:

  • All work performed by contracted personnel onsite will be in spaces and on systems cleared for TOP SECRET/SCI. As such, a valid TOP SECRET/SCI eligible clearance will be the minimum requirement for work performance.
  • This position requires a Counter Intelligence Security Polygraph (CSP). If for any reason the contractor cannot maintain his/her clearance or the required polygraph is failed, the contractor will be unable to continue work on the contract.
  • Contractor personnel shall have the required security clearance prior to commencement of work based on a current, Office of Personnel Management (OPM) conducted background investigation with no break in service greater than two years, commensurate to the level of eligibility and access required for the position

HGS is an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...