Security Control Assessor with TS/SCI

Information Management Group, Inc.
Chantilly, VA
Nov 29, 2022
Dec 01, 2022
IT, Security Engineer
Full Time
OverviewFounded in 1987, IMG is a leading small business that exemplifies competence, integrity and follow-through. We consistently provide customer focused professional services, which ensures our company is recognized for continually exceeding expectations. We believe that at the core of our success stand our people. Our people have provided professional services in the Information Technology field for our customers with a commitment to customer satisfaction for nearly 35 years. IMG - is hiring a full-time Security Control Assessor with TS/SCI at it's Chantilly, VA location.ResponsibilitiesA Security Control Assessor (SCA) is an information security professional that provides information security Assessment and Authorization (A&A) support throughout an NRO program's lifecycle to Contractor and Government facilities processing NRO information. SCAs enhance the Information System (IS) security awareness of Directorates' & Offices' staffs, ensure that proper IS security resources are appropriately applied, and act as an IS liaison between the Directorates & Offices and OS&CI.SCA tasks shall include:Review information systems for compliance with applicable DCID, ICD, and NRO directives and guidance, and make recommendations to the USG;Provide IS security advice and guidance in accordance with applicable DCID, ICD, and NRO directives and guidance to Government and industry partners for the protection of data at all classification levels including SCI;Provide IS technical guidance and support in preparing responses for USG approval to A&A questions asked by Government and industry partners;Evaluate and recommend approval, disapproval, or waiver(s) for IS processing national security data at industry and/or Government facilities;Support NRO Security's development and implementation of directives and guidance for NRO Information Assurance, Information Technology, and Information Management policies;Provide input to NRO for consideration in the promulgation of future NRO IS security policy;Support and/or conduct site visits and assessments to inspect and verify IS reports and plans at industrial and Government locations as approved by the cognizant COTR or site Government Point of Contact (GPOC), and provide a written report for review and approval by the Government;Prepare reports and memoranda, to include, but not limited to: Memoranda for the Record (MFR), Memoranda of Agreement (MOA), Authorization To Proceed, and status and technical briefs for review and approval by the Government;Update data and maintain Government-provided databases with current information about Government and industry IS status and representative contact information;Prepare, review, and record notification and status messages to indicate A&A state of systems to system owner or programs in a format approved by the Government;Ensure that appropriate IS security requirements including applicable DCID, ICD, and NRO directives and guidance are addressed and applied and that appropriate documentation is prepared by the system owners or programs. The documentation will be contained in the Security Assessment Package, including, but not limited to the Concept of Operations (CONOPS) Plan, System Security Plans, System Requirements Traceability Matrix, Risk Management Matrix, Test Results, interface control documents, requests for changes, test plans, and other related program security documentation;Track completion of the Security Assessment Report (SAR);Support the preparation of the SAR, including, but not limited to, the Summary of Assessment results and Authorization Recommendation;Review, coordinate, and respond to IS security issues as requested by the Government;Be required to perform short term (less than 90 days) CONUS and OCONUS travel to conduct site security inspections when approved by the COTR;Provide A&A support to the Government for the protection of special programs and tactical operations related activities.Ensure these documents are reported via the Data Accession List (CDRL A008) QualificationsClearance Required: TS/SCI required for consideration. Must be able to obtain CI Poly before starting.Baseline Certification: Must possess and maintain, or obtain within six months from their arrival date, professional Information Security (IS) certification(s) appropriate for the level of duty and responsibility of their position.Education/Experience: Intermediate Level:Masters degree and 3 years of experience ORBachelors degree and 5 years of experience ORAssociates degree and 7 years of experience ORHS Diploma and 7 years of experience Desired Qualifications: Education relevant to computer engineering, information security, information management, and/or computer science;Experience in technical project management.Practical experience performing information systems assessment and authorization (A&A) as defined in applicable ICDs and guidance;Practical experience performing the processes involved in developing and implementing security related directives and guidance for Information Assurance, Information Technology, and Information Management;Practical experience utilizing risk management strategies for information technology solutions;Technical understanding of emerging technologies and their implementation within Government system and network environments;Knowledge of information technology concepts used in the evaluation of security performance and integrity of state-of-the-art applications, communications systems, hardware, software, satellite control systems, and information processing systems;Technical understanding of information technology systems, software, and networks;Ability to effectively coordinate A&A activities of industry and Government information systems to meet acquisition milestone requirements; andEffective technical report and general correspondence writing ability.Ability to manage and track systems or programs involved in the A&A process.Experience developing and implementing security related directives and guidance for Information Assurance, Information Technology, and Information Management; andExperience working with a mixed skill level team to ensure that appropriate knowledge and skill transfer occurs. COVID-19 Regulations: As required by Executive Order 14042 and the guidance provided by the Federal Workforce Task Force , all federal contractor employees are required to be fully compliant with customer COVID-19 regulations. IMG will provide additional information regarding these requirements and how you can request an exception if needed.IMG Company BenefitsHealth, dental, vision, and life insuranceShort term and long term disability insurance401(k) with generous company matchFlexible Spending Accounts (FSA) and Health Savings Accounts (HSA)15 days of personal leave plus paid federal holidaysProfessional development and training assistance Information Management Group, Inc. is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.