Cybersecurity Compliance Specialist
Adelphi, MD
SUMMARY:
Founded in 2001, Indigo IT is an award-winning information technology consulting and services company. We are a trusted services provider to government agencies seeking innovative Cloud, Cybersecurity, Knowledge Management, and Enterprise solutions. We know our defense, federal, and civilian customers have critical IT infrastructures that must remain reliable, available, and maximized. Indigo IT is mission-focused and committed to maintaining a sense of urgency in anticipating and supporting our customers’ technology goals and objectives. Our unique ability to think beyond today allows our clients to stay ahead of their IT challenges. As a Veteran-Friendly employer, we are proudly partnered with the Virginia Values Veterans (V3) Program, and a recipient of the HIRE Vets Gold Medallion Award, which recognizes our commitment to recruiting our nation’s Veterans. Recognized on the Inc. 5000 list of America’s fastest-growing companies in 2020 & 2021 and named as one of the 2022 Best Places to Work in Virginia, we are always looking to hire top talent in the field - come join us today!
Indigo IT is a process-driven and results-oriented Women-Owned Small Disadvantaged Business, headquartered in Reston, VA. INDIGO IT, LLC’s award-winning expertise encompasses areas critical to its customers’ mission objectives, including network engineering; information assurance; enterprise systems management; systems engineering and integration; program management, acquisition, and lifecycle support; engineering and logistics; medical transformation/health IT; and distance learning and training solutions.
SKILLS & ABILITIES:
- Understanding of security frameworks (ISO/IEC 27001, NIST).
- Ability to assess and manage risks.
- Incident Response experience.
- Proficiency in establishing and maintaining compliance programs.
- Strong organizational skills with attention to detail.
ESSENTIAL FUNCTIONS/RESPONSIBILITIES:
- Perform the day-to-day activities of the A&A lifecycle for all ARL enterprise systems.
- Review DoD and Army policy requirements for A&A applicability.
- Coordinate and strategize A&A plans for current and upcoming authorization and Authority to Operate (ATO) efforts.
- Answer A&A/Control related requests and questions from ARL leadership and IT staff.
- Coordinate the collection of and request necessary A&A documentation from respective Government IT teams and System Administrators, which includes the creation of clear and published guidance for government review and approval for where and how the artifacts will be distributed.
- Review artifact submissions and provide timely, valuable, and actionable feedback citing specific deficiencies and clear deadlines if the documentation does not meet Cybersecurity requirements.
- Implement higher command A&A guidance as directed by the ISSM.
- Manage the Plan of Action and Milestones (POA&M) process, which includes providing guidance for creation and submission; maintenance and oversight; improvements to the POA&M process; providing exports of the POA&M in Enterprise Mission Assurance Support Service (eMASS) as needed by the IT staff.
- Maintain required A&A documentation in eMASS for all ARL systems and ensure that the documentation is kept up-to-date and that all A&A requirements have been met and Cybersecurity guidance from higher command is followed.
- Prepare for and lead the Annual Information System Contingency Planning (ISCP) Training/Exercise with relevant and applicable scenarios, document the discussion, and provide written recommendations for improvement within 30 days following exercise with a goal of the least disruption to IT infrastructure during an applicable event.
- Perform any of the above A&A tasks for R&D (non-enterprise) ATOs that fall under the ABS requirements.
- Prepare for and coordinate any Cybersecurity inspections for the organization such as: Security Control Assessor Validator (SCA-V), Command Cyber Readiness Inspection (CCRI), Department of the Army Inspector General (DAIG), Cyber Protection Brigade (CPT), and others as required.
- Complete risk assessments for submitted Configuration Control Board (CCB) items and interact with the ARL CCB to ensure Cybersecurity policies and best practices are implemented within ARL environments prior to any enterprise changes.
- Provide Cybersecurity services for RDENETs to include a comprehensive review, recommendations, risk assessments and approvals.
- Evaluate technical plans and note any Cybersecurity areas of concern so they can be mitigated within the planning phase prior to implementation.
- Validate that all systems within the enclave are configured in accordance with Vulnerability Scanning, HBSS, DISA STIGs, logging and monitoring requirements, etc.
EDUCATION & CERTIFICATIONS:
- Bachelor’s degree in Information Systems, Computer Science, Engineering, Business Administration, or related field
- CISA
- CISSP
EXPERIENCE:
- 10 years of Cybersecurity experience.
- 5 years of which are compliance-based.
WORK ENVIRONMENT:
- Work is generally performed in an office setting.
At Indigo IT, we offer an expansive benefits package for our employees, which includes: Medical, Dental, and Vision coverage options. In addition, we offer 401(k) with company match, Group life and disability, Flex Spending Accounts (FSA), Paid Time Off (PTO), Paid holidays, and Education assistance. We also have in-house training programs for employees, and we reward thought leadership with bonuses and recognition for publishing, speaking, and innovative thought leadership in our industry.
Indigo IT is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. This employer uses E-Verify.