IA Policy and Compliance Certified Professional - Senior

WHO WE ARE:

STAHL Companies provides the Program Management for its Channel of Commercial Technology companies in Government that consist of Small Businesses and New Technology start-ups.

STAHL advocates for policies that can improve government services and maintain our government's competitive advantage, by bringing more technology into government programs.

STAHL Companies advocates on behalf of our nation's innovative, new technology and small businesses looking to work with the U.S. government. We do this by aligning the voice of our small business members with advocacy for change in federal policy that will make the government market more accessible to small businesses and the commercial technology ecosystem.

The Channel's founding Technical Board Members include former government leaders and IT executives passionate about bringing best-of-breed technology to the government.

Job Description:

Under general direction, performs and leads support of Certification and Accreditation (C&A) or other IA/CND Compliance and Auditing processes and inspections for all enterprise systems and networks; ensures validity and accuracy review of all associated documentation. Leads and performs compliance reviews of computer security plans, performs risk assessments, and validates and performs security test evaluations and audits. Analyzes and defines security requirements for information protection for enterprise systems and networks. Assists in the development of security policies. Analyzes the sensitivity of information and performs vulnerability and risk assessments on the basis of defined sensitivity and information flow. Professionally certified as Technical Level III as defined by DODI 8570 is a requirement.

We are seeking a skilled and experienced IA Policy and Compliance Certified Professional – Senior to join our team!

Successful Stahl Companies employees possess the following traits:

An ability to get things done: You are persistent, resourceful, results-oriented, and action-oriented. You constantly plan ahead and foresee issues before they occur.

Analytical: In order to improve your comprehension of the market and the demands and problems of your clients, you have good analytical abilities and are at ease reading quantitative data.

Creative mind-set: You are able to solve problems creatively and swiftly adjust. You possess a thorough understanding of product management principles and the ability to apply them when analysing data and making recommendations.

Emotional Intelligence: You have a strong sense of self and excellent perception of how important relationships function. You are upbeat, sympathetic, adaptable, and inquisitive. Your genuineness, warmth, and competence help you win the respect of your co-workers.

Trustworthy: You have a strong sense of morality, principles, and purpose. You are trustworthy because of how you conduct yourself. You are a living example of the company's values.

Responsibilities:

• Execute internal audits, SIEM, management, Incident response, configuration management, compliance studies, and change management oversight to establish a modified Cyber Security Service Provider function for a nonstandard network
• Assist in the administration of an effective Cyber Security program that involves providing management of organizational risk advice, guidance, and assistance
• Remain abreast on changes to Joint, DOD, and Army doctrine as it pertains to cyber security and risk management
• Stay current on up-to-date IT news regarding network security and future trends in Cyber Security (excloud computing security)
• Provide all necessary support, including documentation, task coordination, artifacts, eM
• ASS entries, ACAS Scans, STIGs, Log analysis, and other actions necessary to support approved customer TSPs and ATOs this includes successfully passing all cyber security inspections (No Notice, CCRI, DAIG, OIP, PII, PIA, Cyber Awareness month, TRADOC, etc)
• Maintain the CCOE Training Networks security posture by ensuring delivery and Compliance of continuous monitoring (ACAS scans) and STIG application/compliance
• Ensure that pre and post-accreditation mitigation occurs and is conducted after each scan is run and STIGs are reviewed
• Within 15 days of a CAT I finding a mitigation is executed and for CAT II/III finding the mitigation is completed within 45 days
• Ensure that any findings which are placed on a POA&M and are tracked through completion
• All STIGs (where applicable) are reviewed once per area/per device
• Provide an Executive Summary (EXSUM) outlining key points obtained from any meeting attended to the government
• Support the establishment, implementation, and operation of a continuous monitoring program throughout the customer secured systems
• Conduct a comprehensive assessment of the management, operation, and technical cybersecurity controls employed within or inherited by an Information System (IS) to determine the overall effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the Cybersecurity requirements for the system)
• Provide an assessment of the severity of weaknesses or deficiencies discovered in the IS and its environment of operation and recommend corrective actions to address identified vulnerabilities

Qualifications:

• Must be Information Assurance Workforce (IAWF) Information Assurance Manager level III (IAM III) certified with at least one (1) baseline certification: CISM; CISSP (or Associate); GSLC; or CCISO
• At least 10 years of management experience
• Must be available by phone or email from 0730-1700, Monday thru Friday except Federal holidays or when the government facility is closed for administrative reasons
• Must be a U.S. Citizen
• Final Top Secret/SCI Clearance (cannot be interim)

*Position is contingent upon award