Risk Management Framework IA Policy and Compliance Certified Professional - Intermediate

Overview

Empower AI is AI for government. Empower AI gives federal agency leaders the tools to elevate the potential of their workforce with a direct path for meaningful transformation. Headquartered in Reston, Va., Empower AI leverages three decades of experience solving complex challenges in Health, Defense, and Civilian missions. Our proven Empower AI Platform® provides a practical, sustainable path for clients to achieve transformation that is true to who they are, what they do, how they work, with the resources they have. The result is a government workforce that is exponentially more creative and productive. For more information, visit www.Empower.ai.

Empower AI is proud to be recognized as a 2024 Military Friendly Employer by Viqtory, the publisher of G.I. Jobs. This designation reflects the company’s commitment to hiring and supporting active-duty and veteran employees.

Responsibilities

Empower AI: As a Risk Management Framework IA Policy and Compliance Certified Professional, you will provide services in support of the Army Network Enterprise Technology Command (NETCOM) on the Army Department of Defense Information Network (DoDIN-A) Cybersecurity and Network Operations Mission Support (ADCNOMS) contract. You will utilize the DoD-mandated process for all systems, capabilities, services, network devices, and emerging capabilities operating on the DoDIN. You will use established Government guidelines and reporting procedures. Each task shall be completed IAW RMF guidelines for each system, service, or pilot and is pivotal to ATO, quarantine of systems and services, continuous monitoring, inheritance to support other DoDIN systems and services, and testing of new capabilities. For each deliverable, you will coordinate with the Government Project Lead for input on drafting, scheduling, modifying, and finalizing. You will coordinate with the Government Lead on overall priorities and changes to Government processes and procedures.

Highlights of Responsibilities:

• Manage and maintain a valid, current eMASS record for each system, capability, service, or pilot identified in Specific Tasks, and those identified by the Government as emerging requirements.
• Complete DoD Enterprise Mission Assurance Support Service (eMASS) self-paced training within the transition-in period or 30 days after hiring.
• Complete DoD training Enterprise Mission Assurance Support Service-eMASS (EM22014) virtual training within task order transition-in.
• Utilize the RMF Knowledge Service, policy, and guidance in the accomplishment of all RMF tasks.
• Develop and submit a System Security Plan for each new eMASS record or child record.
• Apply all relevant control baselines and additional control overlays for each record.
• Assign all baseline security controls and RMF overlay controls.
• Assign inheritance per current DoD and Army continuous monitoring guidance.
• Update and maintain the software and hardware list to reflect any changes for each system, capability, service, or pilot.
• Update and maintain RMF records per site location, ensuring accurate hardware and software inventories, ACAS scans, and other unique site location data.
• Update and maintain PPS/firewall documentation to reflect any changes for each system, capability, service, or pilot.
• Ensure monthly production security scans are completed for each system, capability, service, or pilot and uploaded into the eMASS record.
• Ensure STIGs are routinely addressed at least quarterly, and controls are implemented and updated within the eMASS record.
• Update POA&Ms to reflect the results of the monthly security scans and STIG updates. Ensure POA&M items accurately reflect strong corrective actions or mitigations that reduce the security threat to the DoDIN-A, Army data, and Army customers. Verify that all remediation dates are achievable. Publish the POA&M workflow IAW with Government processes and procedures.
• Verify that applicable CTO POA&MS are saved into Artifacts, that the vulnerability is addressed within the eMASS POA&M, and that the POA&M workflow is released.
• Verify that system documentation is signed, reviewed on a yearly basis, and uploaded into the eMASS record.
• Complete the Annual Security Review and release the workflow.
• Update and maintain all other actions and functions within the eMASS record.
• Submit workflow for an ATO once all eMASS records actions are verified to be current and accurate; ensuring the workflow is complete and accurate and submitted 90 days prior to ATO expiration date.
• Attend monthly RMF updates on each system, capability, service, or pilot, as conducted to meet ATO suspense dates and development of new system authorizations.

Qualifications

Minimum Requirements:

• Secret security clearance
• Bachelor’s degree
• 7 – 12 years of experience

Preferred Qualifications:

• DoD Cyber Workforce Framework (DCWF 722) Information Systems Security Manager Intermediate qualified (BS degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science or CGRC/CAP or CASP+ or CCSP or Cloud+ or SSCP or Security+ or GSEC) or equivalent certification
• ITIL v4 Foundations certification

Physical Requirements:

• Sitting for long periods
• Standing for long periods
• Ambulate throughout an office
• Ambulate between several buildings
• Stoop, kneel, crouch, or crawl as required
• Travel by land or air transportation 10% or less

About Empower AI

All hiring and promotion decisions at Empower AI are based on merit to bring the best talent available to contribute to our firm’s overall success. It is the policy of Empower AI not to discriminate against any applicant for employment, or employee because of age, color, sex, disability, national origin, race, religion, or veteran status. Empower AI is a VEVRAA Federal Contractor.