Subject Matter Expert - Program Cybersecurity (USCG Acquisition)
Job Description
As we are bidding to support the U.S. Coast Guard (USCG), Metrics LLC is seeking an experienced and certified Subject Matter Expert (SME) in Program Protection and Cybersecurity to provide high-level, technical, and policy guidance for USCG's major and non-major acquisition programs. This position is essential for ensuring that systems are developed with security integrated from the start, in compliance with federal mandates and best practices.
The SME will leverage expert knowledge of Program Protection and Cybersecurity policies to conduct critical analyses, develop key documentation, and advise program leadership on security risks and mitigations across the entire acquisition lifecycle.
Primary Responsibilities
- Policy & Compliance Expertise: Serve as the authority on Cybersecurity and Program Protection for acquisition programs, ensuring full compliance with federal requirements.
  - Apply expert-level knowledge of DHS and DoD Cybersecurity policies, including the requirements outlined in the 2017 DHS/DoD Memorandum of Agreement concerning information sharing and cross-domain security.
  - Leverage expertise in NIST Special Publications 800-160 (System Security Engineering) and 800-37 (Risk Management Framework) to guide program activities.
- Risk Management Framework (RMF): Lead or support the implementation of the Risk Management Framework (RMF) activities across all phases of the acquisition life cycle.
- Criticality Analysis and Program Protection: Conduct and guide foundational security analyses:
  - Perform Critical Program Information (CPI) analysis to identify classified or sensitive technologies.
  - Conduct Criticality Analysis (CA) to identify Critical Functions and Components whose compromise would jeopardize mission success.
  - Lead the development and update of the Program Protection Plan (PPP), ensuring it integrates system security engineering principles and countermeasures.
- Requirements & Design: Provide expert guidance on the development of security requirements and validation methods for new systems, ensuring security is built-in, not bolted-on.
  - Apply knowledge of system security engineering principles throughout system architecture and design.
- Review and Assessment: Review and provide authoritative feedback on critical program documents for completeness, compliance, and risk posture:
  - Acquisition Cybersecurity Strategy (ACSP)
  - Program Protection Plans (PPP)
  - Risk Assessment Reports (RAR)
  - Cybersecurity Risk Recommendation Memos (CRRM)
- Guidance & Engagement: Develop and recommend new Cybersecurity and Program Protection policy development initiatives. Facilitate effective stakeholder engagement with security and operational communities across the USCG and DHS.
Minimum Qualifications
- Education: Bachelor’s Degree in Cybersecurity, Information Technology, Systems Engineering, or a related field.
- Experience:
  - A minimum of 15 years of progressive experience in Cybersecurity, Information Assurance, or Program Protection, with significant experience supporting federal government acquisition programs.
  - A minimum of 10 years of experience working directly with or for the U.S. Coast Guard (USCG) or Department of Homeland Security (DHS), preferably in a program protection or systems security role.
- Expertise:
  - Expert-level knowledge of Cybersecurity and Program Protection concepts and implementation.
  - Deep understanding of DHS and DoD Cybersecurity policies, including the 2017 DHS/DoD Memorandum of Agreement.
  - Expertise in applying NIST Special Publications 800-160 and 800-37.
  - Demonstrated experience with the Risk Management Framework (RMF).
  - Proven ability to conduct CPI analysis, Criticality Analysis (CA), and PPP development.
  - Experience developing and validating security requirements.
  - Ability to review and provide comprehensive feedback on ACSP, PPP, RAR, and CRRM documents.
- Skills: Exceptional policy development, written communication, and stakeholder engagement skills.
Preferred Qualifications
- Certification: Certified Information Systems Security Professional (CISSP), Certified Authorization Professional (CAP), or equivalent.
- Acquisition Certification: FAC-C (Professional) or DAWIA Level III in Program Management, Systems Planning, Research, Development, and Engineering (SPRDE), or Business-Technical Management.
- Prior Roles: Prior experience serving as a Program Protection Lead or Information System Security Manager (ISSM) for a USCG or DoD acquisition program.
- Technical Knowledge: Experience with security testing, evaluation, and Authorization to Operate (ATO) processes.
Company Description
Providing quality government consulting in today's resource constrained environment, Metrics LLC balances proven best practices with innovative approaches. Our result: Highly effective outcomes and highly competitive solutions. For more information, go to https://www.metrics-llc.com/home.html