Risk Management Framework (RMF) SME

SMX is seeking an RMF Subject Matter Expert to support USINDOPACOM PEO-C4’s of programs. This position is onsite at Camp H.M. Smith Marine Corps Base in Hawaii.

This position requires a DoD Secret security clearance with the ability to obtain a TS/SCI which requires US citizenship.

Essential Duties & Responsibilities

• Supports all phases of the Assessment and Authorization (A&A) processes defined by the Risk Management Framework (RMF) policy DoDI 851001
• Provide Subject Matter Expertise in the areas of system and risk mitigations; make recommendations to the INDOPACOM CISO throughout the security life cycle of all authorized systems within the USINDOPACOMs Approving Official’s (AO) DoDIN Area of Responsibility (DAO)
• Provide support to current and future authorizations including Memorandum of Agreement (MOA), Memorandum of Understanding (MOU), Interconnection Security Agreements (ISA), Partner Nation Connections, Defense Security Cybersecurity Authorization Working Group (DSAWG), and Information Security Risk Management Committee (ISRMC)
• Assist with authority to connect process and provide subject matter expertise in all steps of the process
• Support INDOPACOM Cybersecurity Division and meeting Federal Information Security Modernization Act (FISMA) requirements through tracking compliance, validation and reporting to higher Headquarters
• Performs verification and validation of a system’s security controls and safeguards designed through the security engineering process
• Provides support for vulnerability analysis based on intelligence reporting, compliance status, systems scan and other reporting tools
• Coordinates and/or assists in the preparation of all cybersecurity related inspections, audits and assessments 
• Conducts technical and procedural audits to validate the security posture of HQ USINDOPACOM, Subordinate Commands, Direct Reporting Units (DRUs) and Partners
• Supports the cybersecurity Risk Management program by validating and/or assessing security controls, developing Risk Assessment Reports (RARs) and interfacing with system owners, Information System Security Managers (ISSMs) and Information System Security Officers (ISSOs)
• Assists in the development, implementation, and tracking of the Cybersecurity Workforce and cybersecurity awareness programs

Required Skills & Experience

• Five (5) to Ten (10) years of related experience in Cybersecurity, Information Assurance, RMF, eMASS, ISSE/ISSM, Assessment and Authorization (A&A) process
• Active Secret clearance with the ability to obtain a TS/SCI clearance
• BS or BA degree in Computer Science, Information Systems, Cybersecurity, or a related discipline OR associate degree and additional experience may be substituted for a Bachelor’s degree
• Experience with IA vulnerability testing and related network and system test tools, (ie HBSS, EVSS, ACAS, STIGs, etc)
• Three (3) years to (5) years of experience providing information assurance, engineering, or operational support to the DoD, including supporting information operations, cyber operations, system administration, and systems security
• One (1) year of experience evaluating the cyber compliance of a system against current Risk Managed Framework (RMF) and DoD Cybersecurity policies
• Experience interpreting cybersecurity advisories or tasking orders Ability to leverage diverse sources to gain a technical understanding of a vulnerability, exploitation, and potential impact
• Meets DoD 8140 certification requirements, e.g. CASP, CISM, CISSP, etc.

Desired Skills & Experience

• Experience with USINDOPACOM
• Knowledgeable in DoD policies and NIST Publications
• Intra-agency or joint command experience

Application Deadline:  December 23, 2024

#LI-AP1  #CJPOST