RMF ISSO

Employer
Aptive
Location
Working from home
Posted
Nov 22, 2022
Closes
Dec 22, 2022
Ref
2022-1734
Function
IT
Hours
Full Time
Job Summary

Aptive Resources is seeking an RMF ISSO to support the SEACOM CSS project.

The Naval Sea Systems Command (NAVSEA) procures over a half billion dollars of Professional Support Services (PSS) each year for its headquarters' Directorates, Program Executive Offices (PEOs), and field activities. In order to meet the Navy strategic sourcing wedge, NAVSEA committed to $250M in savings by procuring PSS more efficiently. Coupled with this need, the Office of the Secretary of Defense (OSD) directed that 50% of all support services be procured using performance based contracting by the year 2005. Furthermore, NAVSEA had more than 450 separate PSS contracts supporting its requirements. Most of these efforts were not integrated from a Command perspective, utilized a multitude of different processes in which to procure the services, and did not leverage corporate buying habits or e-business to facilitate the processes. In addition, the services were predominantly procured via level of effort vice performance-based terms.

NAVSEA established the SeaPort Office to meet these the NAVSEA strategic sourcing wedge and the OSD performance based contracting directive while bringing order to NAVSEA PSS acquisitions. The vision was to provide a faster, better, and cheaper means in which to procure PSS.

Primary Responsibilities

The RMF ISSO will need demonstrated, prior experience to help perform some/all of these tasks:
  • Complete authorization and assessment packages within 120 days of system ATO expiration.
  • Ensure stakeholders are kept informed of risk, status, and roles and responsibilities throughout the RMF process.
  • Guide information owners through completion of Step 0 System Registration in Marine Corps Compliance and Authorization Support Tool (MCCAST).
  • Guide information owners through Step 1, System Categorization, in MCCAST based on information provided by the information owner IAW ECSM 018, FIPS Publication 199 and NIST SP 800-60.
  • Guide information owners through Step 2, select security controls. Determine appropriate defense level and appropriate overlays.
  • Provide information owner with an export of the MCCAST selected security controls and applied overlays to populate the Implementation Details.
  • Review completed security control implementation details and gain validator approval before uploading into MCCAST for ISSM submission for an Initial Risk Assessment (IRA).
  • Manage MCCAST entries updates on behalf of the ISSM and information owners assisting with preparation and review of Federal Information Security Management Act (FISMA) documentation.
  • Guide information owners in the development of a System Security Plan (SSP) that addresses objectives for the assessment, methods for verifying security control compliance, the schedule for the initial control assessment, and actual assessment procedures.
  • Work with ISSM and lead Government RMF ISSO to conduct the initial assessment of the effectiveness of the security controls and document the issues, findings, and recommendations in a Security Assessment Report (SAR
  • Develop a project plan and accompanying Plan of Action and Milestones (POA&M) for the RMF package that addresses all un- remediated vulnerabilities, failed Security Technical Implementation Guideline (STIG) failures and failed security controls.
  • Develop and report metrics that include the percentages of completion in every step of the RMF process.
  • Work the POA&M with the ISO, and shall include all elements required by MCCAST. Update the POA&M at least monthly for the life cycle of the IS using the latest vulnerability scans and STIG checklists.
  • Attend scheduled and ad-hoc Cybersecurity branch meetings for update and coordination of cyber and RMF efforts.
  • Continuously monitor the IS IAW existing and emergent Continuous Monitoring policies.
  • Initiate RMF package creation NLT 12 months from current IS Authority to operate expiration date.
  • Maintain all RMF artifacts and documents in the designated Government repository.


Minimum Qualifications

  • Bachelor's degree
  • 10+ years of relevant experience
  • Active Secret clearance


Desired Qualifications

  • Master's degree in related field
  • Prior government contracting/consulting experience supporting the US Navy


About Aptive

Aptive is a modern federal consulting firm focused on human experience, digital services, and business transformation. We harness creativity, technology, and culture to connect people and systems to impact the world. We're advisors, strategists, and engineers focused on people, above all else.

We believe in generating success collaboratively, leaving client organizations stronger after every engagement and building trust for the next big challenge. Our work inspires people, fuels change and makes an impact. Join our team to be part of positive change in your community and our nation.

EEO Statement

Aptive is an equal opportunity employer. We consider all qualified applicants for employment without regard to race, color, national origin, religion, creed, sex, sexual orientation, gender identity, marital status, parental status, veteran status, age, disability, or any other protected class.

Veterans, members of the Reserve and National Guard, and transitioning active-duty service members are highly encouraged to apply.

COVID 19 Vaccine Statement

This position supports a federal government contract and is subject to government vaccination mandates or other customer vaccination requirements. All new hires are required to report their vaccination status and proof of vaccination, or an adjudicated accommodation may be required for employment.

Similar jobs