Cybersecurity Audit & Compliance Officer

Arlington, Texas

CAE USA Inc.
Job Expired
Summary

This intermediate level Cybersecurity professional is responsible for conducting assessments of the implementation of NISP security requirements (e.g., management, operational and technical security controls) for information systems governed by the NISPOM, JSIG and other USG requirements (e.g., DoD 5205.07-V1 - V4) at multiple locations. The CACO will monitor program activities and continually evaluate and make necessary adjustments for a highly effective security program as a business discriminator. The CACO will identify and document potential or actual weaknesses or deficiencies discovered in the information systems, provide recommended corrective actions to address identified vulnerabilities to responsible senior level leadership, and track corrective actions to closure. Responsibilities will include Collateral, Sensitive Compartmented Information (SCI) and Special Access Program (SAP) activities.

Essential Duties and Responsibilities

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Perform security analysis of operational and development environments, threats, vulnerabilities, and internal interfaces to define and assess compliance with accepted industry and government standards
Ensure security policies and procedures comply with Government standards
Collaborate daily with a wide variety of functional areas such as Program Management, IT, and Cybersecurity personnel to ensure security compliance of classified information systems.
Perform assessment of ISs, based upon the RMF methodology in accordance with the DAAPM, JSIG, and other USG security requirements.
Ensure security assessments are completed and results documented, and validate the Security Assessment Report (SAR) for the Authorization Boundary
Review any active Plan of Action and Milestones (POA&M) with identified weaknesses for each Authorization Boundary assessed, based on findings and recommendations from the SAR
Assist with Government compliance inspections
Conduct investigations of computer security violations and incidents, reporting as necessary to both the FSO/CPSO and Program Management.
Assist the Government with security incidents that relate to cybersecurity and ensure that the proper corrective actions have been taken
Evaluate and validate the effectiveness and implementation of Continuous Monitoring Plans
Represent the Security Organization on inspection teams
Act as a primary liaison between the D&S Global Security organization and Engineering/Program Management leadership teams regarding Cybersecurity compliance.
Accomplish tasks as assigned by the Sr. Director of Security
Identify program challenges, recommend and coordinate solutions with senior Engineering leadership
Validate proper protection and/or corrective measures have been taken when an incident or vulnerability has been discovered.
Clearly communicate/present program status, issues, risks, opportunities and plans to senior program management and senior executive staff members

Qualifications and Education Requirements

Bachelor's degree in related discipline
A minimum of 8 years of successfully implementing and managing information systems security requirements in support of classified programs. Collaboration with multi-disciplined organizations is critical to the CACO's success. Demonstrated experience with information systems, RMF process/artifacts, and industry-standard Information Assurance tools is required.
Hands-on auditing and investigation experience
Expert knowledge as an ISSM or SCA implementing or managing cyber security requirements on classified systems under NISPOM, JSIG, ICD 503, NIST-53, and/or CNSSI 1253.
Eligibility for access to Special Access Program Information
Willingness to submit to a Counterintelligence polygraph
Ability to understand information systems equipment configurations (switches, routers, IDS, firewalls, servers, storage arrays, etc.)
Ability to receive and provide constructive feedback, recognizing blind spots and working to maintain a positive, collaborative, and effective team environment
Must meet position and certification requirements outlined in DoD Directive 8570.01-M for Information Assurance Technician Level III or Information Assurance Manager Level II within 6 months of the date of hire
Able to reason, plan, and evaluate situations to make appropriate recommendations and take actions beneficial to the program and the company. Able to demonstrate complex reasoning and problem-solving abilities. Must display tact and self-discipline necessary to interface effectively with customers, vendors, all levels of management, and employees. Demonstrated technical experience configuring Windows, Networking, and UNIX-based operating systems IAW DISA STIGs. Strong organizational and administrative skills with the ability to track a large number of programs concurrently.
Due to U.S. Government contract requirements, only U.S. citizens are eligible for this role.

Security Responsibilities

Must comply with all company security and data protection / usage policies and procedures. Personally responsible for proper marking and handling of all information and materials, in any form. Shall not divulge any information, or afford access, to other employees not having a need-to-know. Shall not divulge information outside company without management approval. All government and proprietary information will be accessed and stored electronically on company provided resources. Incumbent must hold Current Top Secret/SCI eligibility with current Investigation Date

Work Environment

This job operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines. Work will be performed in office environment on site. This is not a remote position.

Physical Demands

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.

Ability to travel up to 50% (CONUS & OCONUS)
Ability to work overtime as needed
Ability to sit for long periods of time in front of a computer

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for their job. Duties, responsibilities, and activities may change at any time with or without notice.

CAE USA Inc. is an EOE/AA employer and gives consideration for employment to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status. If you'd like more information about your EEO rights as an applicant under the law, please see Know Your Rights: Workplace Discrimination is Illegal.

PAY TRANSPARENCY NONDISCRIMINATION PROVISION

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information.

Date Posted: 20 April 2024