Risk Management Framework Transition Lead
The objective of this new and exciting program is to maintain or improve cybersecurity for the Air Force Air Combat Command in order to protect the missions which depend upon ACC's NIPRNet and SIPRNet and incorporated information systems. The employee will conduct assessments of Main Operation Base/Geographically Separated Unit (MOB/GSU) security posture using National, Federal, DoD and related cyber best practices publications approved by the government. The task will provide the government with contractor on-site support for Defensive Cyber Operations (DCO) of Mission Systems - Cyber Readiness Inspections such as CCRI and Command Cyber Operational Readiness Inspection (CCORI). The employee shall assist ACC to create a sustainable program that enables assigned personnel the ability for continuous monitoring and reporting in support of cyber maturity actions. Mature management processes, including Configuration Management, Vulnerability Management, and Change Management are indicators that a program is in a positive state of cyber readiness.
The employee will perform the following tasks:
- Review all historical data packages for compliance with DoDI, such as Authority to Operate (ATO), DoD Information Assurance Certification and Accreditation Process (DIACAP), RMFs, Interim Authority to Connect (IATC), ATC, eMASS, and previous CCRI and Cyber Readiness support documentation.
- Review system POA&Ms and identify areas of non-compliance with governing security policy and assist system owner in drafting POA&M(s) that document the mitigation strategy.
- Train and assist system owners in the accreditation and upgrade of all AF networks, enclaves, systems, and circuits.
- Conduct Risk Analysis based on the RMF and provide a Risk Assessment Report to the Government as directed
- Conduct IA control validation and review of artifacts necessary for DIACAP and RMF
- Register respective systems in the appropriate tracking system (e.g., eMASS, RMF, DIACAP, EITDR), facilitating communication among Government stakeholders.
- Review maintenance of the government's C&A tracking products, such as DISA Connection Approval Process for SNAP and Global Information Grid Interconnection Approval Process (GIAP) circuit management tools, eMASS and EITDR entry procedures, and DISA Continuous Monitoring and Risk Scoring (CMRS) efforts
- Provide RMF assistance and perform knowledge transfer to bases as requested by CO/PM and COR. Recommend and provide on-site or remote virtual RMF training as needed in the most cost efficient manner.
Bachelor's degree or 4 years of additional experience in lieu of degree
5 years of direct experience supporting the system administration and maintenance of DoD systems
Proven success working independently
Proven ability to work with multiple levels of customers
DoD 8570 IAT Level III - One of the following certifications (CCNA Security, GICSP, GSEC, Security Plus CE, SSCP)
Previous experience supporting CCRI and RMF processes
Northrop Grumman is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO/AA and Pay Transparency statement, please visit www.northropgrumman.com/EEO. U.S. Citizenship is required for most positions.
Meet Some of Northrop Grumman's Employees
Jacqueline operates on power electronics for Northrop Grumman’s space application projects. She meets with engineering groups, chats with customers, and works on circuit analysis.
Back to top