Authorizing Official Direct Representative
ECS Corporate Services

ECS is seeking an Authorizing Official Direct Representative to work in our Washington, DC office.

Job Description:

Serve as the primary interface between Federal and contractor staffing serving as field-level ISSOs/ISSMs around the globe, and the Federal Agency SA&A oversight program for a major Federal client on behalf of the Authorizing Official.

Provide significant cyber consultation, oversight services, authorative technical support, and approval of Risk Management Framework (RMF) deliverables (security categorization, security baseline control selection, system security plan, contingency plans, POA&Ms, security assessment cost estimates, security assessment plan, security assessment report, pre- and post-assessment remediation of security assessment findings, risk assessment calculations, and security authorization recommendations) on behalf of the Department Authorizing Official (AO) within the service delivery timeframes established by the Federal client.

Serve as the primary and/or backup individual responsible for responding to system-level inquiries, based on system assignments, with minimal supervisory attention.

Provides comprehensive customer service and maintain a collaborative rapport with client cyber and business entities and senior managers, employees, and other internal and external contacts in support of cyber security compliance deliverables and mission support work.

Provide accurate and concise oral and written responses to inquiries and respond to concerns with initiative and decisiveness and take appropriate steps to resolve any issue as directed/authorized.

Be a driver of holistic and enterprise-scale changes in cyber-security programs within large Federal client. Act as a "disruptor to the status-quo" to drive needed changes to cybersecurity and related agency-wide workflows (Privacy, SDLC, procurement, etc.) to ensure that security and privacy best-practices and statutory and regulatory requirements are met in a holistic and cost-effective manner.

Provide consultation expertise at various levels with a large Federal agency to develop and maintain enterprise-scale cyber security program that reacts quickly to changing regulatory and operational drivers, including emerging technical, operational and management risk-drivers:

• Participate in Daily, Weekly, and Monthly status meetings with key Government personnel, at times on short notice, to ensure stakeholders are informed of program status and progress on various cyber initiatives. Provide an opportunity to set priorities, identify opportunities or concerns, and coordinate resolution of identified problems.
• Develop program level security documentation, audit liaison activities, and compliance oversight activities to strengthen the security program and promote compliance with the Risk Management Framework (RMF).
• Support the performance of independent security and privacy control assessments in support of Security Assessment & Authorization (SA&A).
• Support the management and implementation of continuous monitoring solutions to increase the visibility and transparency of network activity.

Required Skills:

• 5+ years of Executive-Level cyber RMF consulting experience advising Cybersecurity programs in large federal organizations.
• 4+ years Information Systems Security Officer (ISSO) experience for enterprise class systems and applications.
• Strong interpersonal and human relations skills, including ability to communicate technical concepts to non-technical personnel.
• Strong written, verbal, and presentation skills, including demonstrated ability to interact effectively with Senior Agency management and leadership.
• Strong stakeholder management and engagement skills with staff at all levels, including ability to collaborate with people of varied technical backgrounds and management levels.
• Advanced understanding of and experience with GRC tools, policy, procedures, and processes, including (but not limited to) FISMA audits and compliance, NIST, RMF, and recent Executive Orders.
• Experience with NIST Risk Management Framework and Governance, Risk & Compliance (GRC) and Information Assurance capabilities/tools.
• Strong familiarity with NIST Risk Management Framework at the subject matter expert level, particularly including SP 800-30, -37, -39, -137, -53, and -53A/B.
• Ability to guide the development of enterprise-specific implementation guidance for agency management.
• Ability to analyze and interpret Federal legislation, directives, Office of Management and Budget (OMB) mandates, and guidance provided by the National Institute of Standards and Technology (NIST) against existing information security and privacy policy to identify required updates.
• Ability to conduct research on new and emerging information technologies and develop comprehensive information security and privacy policy, standards/guidelines, and procedures to facilitate the implementation of information security and privacy controls. Must have working knowledge of the Privacy Act of 1974 (as amended), the Federal Information Security Modernization Act (FISMA).
• A Bachelor's degree from an accredited college in systems engineering, computer science, computer engineering, information technology, management information systems or equivalent.
• Combined 13+ years in cyber, IT or related fields.
• At least one Cybersecurity or related certification. Preferred include:
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)
  • GIAC Security Essentials Certification (GSEC)
  • Certified Authorization Professional (CAP)
  • Project Management Professional (PMP).
• Active Top Secret clearance or higher.

Desired Skills:

• Experience managing Security Controls Assessments.
• Experience overseeing the development and execution of security and privacy assessment plans in accordance with NIST SP 800-53A, as amended, requirements, for each security assessment project.
• Experience overseeing enterprise-scale standards, guidance, administration, templates, reports, processes and procedures, and leverage communication vehicles used by the key stakeholders.
• Knowledge of penetration testing principles, tools, and techniques.

ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans.

ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3800+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.

General Description of Benefits

This job has expired.