A&A Cyber Security Team Lead

The Information Security Team Lead will oversee a team of Assessors/Auditors that provide program support for 30 annual assessments. Must have management skills and have the ability to direct and lead a team of 10 assessors.  The primary goal is to improve program efficiency, effectiveness, and consistency by providing prompt, reliable and high quality annual assessments of all High and Moderate systems in support of the Risk Management Framework. This includes providing management oversight, managing assessment schedules, providing guidance, and support to the Auditors as directed by the Government. 

KEY DUTIES                                                                                                               

• Review all relevant security documentation for the system to be assessed; 
• Review system-developed core security documentation;
• Perform a thorough, accurate, and effective evaluation of the systems security controls; 
• Oversee periodic penetration testing based on system classification or category;
• Develop high quality security authorization package documentation; 
• Provide assistance in developing and conducting entrance and exit briefings; and
• Develop and maintain sound IT security policies, procedures, templates, and checklists for assessments
• Manage and lead a team of assessors, including developing and maintaining a master assessment and deliverable schedule 
• Travel to client sites to conduct on-site assessments; (≈3 to 6 times a year, typically a week long engagement)

ESSENTIAL QUALIFICATIONS

• Knowledge of IT security policies and implementation standards, and comprehensive understanding of NIST guidance to include, but not limited to, NIST Special Publications and Federal Information Processing Standards.
• Proficiency in applying IT security concepts, methodologies, principles, procedures and using industry-standard IT security tools
• Proficiency with enterprise architecture methodologies, concepts, procedures, principles, and tools
• Ability to facilitate effective communications between federal clients, system personnel, and the assessment team
• Proficiency in contingency planning and backup and recovery best practices and application of NIST guidance in this area
• Knowledgeable in penetration testing
• Strong verbal and written communication skills
• Must be organized, timely, and customer service oriented
• Ability to work well independently and in a team setting
• Adaptability, flexibility and ability to deal with ambiguity and change
• Excellent oral and written communication and customer service skills
• Excellent attention to detail and good analytical skills
• At least five (5) years of relevant experience required
• At least three (3) years of managing a Security team

REQUIRED TECHNICAL SKILLS:

• NIST SP 800-37 Risk Management Framework experience
• Experienced with NIST SP 800-53 REV 4 preferred
• Experienced with FISMA A&A continuous monitoring
• Experience of A&A Core Documentation development (i.e. SSP, CP/BIA)
• Experienced in assessing and maintaining a FIPS 199 High Category federal system
• Experienced with Security Repository Tools such as Cyber Security Assessment and Management (CSAM)  

REQUIRED CERTIFICATIONS (at least one)

• CISM, CISSP, CISA, CAP, CRISC
• PMP is preferred

EXPERIENCE AND EDUCATION

• Bachelor’s Degree in Computer Science or related field (i.e., EE, CPE, MIS, IT)
• Familiarity with various scanning and monitoring tools including Nessus Tenable.sc, ArcSight, and ECDM (BigFix)
• Familiarity with security assessments in a cloud environment (i.e., AWS, Azure)
• Ability to contribute to general process improvement and integration of automated solutions
• Proficiency in Microsoft Office suite (Word, Excel, PowerPoint, Visio and Project)
• US Citizenship
• Ability to obtain and maintain a government security clearance

ABOUT GAMA-1

GAMA-1 is a rapidly growing technology business that is based in Greenbelt, Maryland. GAMA-1 Technologies provides strategic information assurance, information security, and business enterprise and networking solutions to the Federal Government. Our success is based on the utilization of industry and agency standards, establishment of standardized processes, and IT Services expertise. At GAMA-1, we believe employees should grow, achieve, and develop just as the company grows, achieves, and develops. GAMA-1 is committed to providing our employees with opportunities for career advancement throughout their employment. For more information, visit www.gama1tech.com

GAMA-1 is an Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.