
Risk Management Framework SME Jacobs
Arlington, VA

Jacobs Engineering is a provider of technical, consulting, and scientific services for the government and private sector.



Job Description

Jacobs National Security Solutions (NSS) provides world-class IT network and service management capabilities; cutting edge cyber threat awareness and cybersecurity solutions; innovative web- and software applications development; and advanced data analytics for major clients in the Intelligence Community, Department of Defense, and Federal Civilian Agencies.

Our forward thinking solutions deliver an integrated approach to IT network design and management, full lifecycle IT service management, IT service delivery, asset management, logistics and procurement, and vendor management. We leverage the expertise and passion of our employees to conduct identity and access management, penetration testing, and vulnerability assessments for our nation's most closely guarded agencies and networks. Our Cyber Security Operations Centers ensure safe, effective network operations for Federal clients while our data scientists are helping stop illegal acts before they can endanger Americans or our way of life.

Jacobs promotes a culture of operational excellence to create a safer, smarter, and more connected world while upholding the highest standards of compliance, quality and integrity.

We continue to thrive and need your talent and motivation to help propel us farther, faster.

Jacobs is currently seeking an RMF SME to provide on-site support in Arlington, VA.

Duties will include:

* The successful IA/RMF SME will help ensure that FDIC and information systems adopt and institute FDIC, RMF, and NIST standards and methodologies.
* The effort will include RMF SME support for System Managers and the FDIC GRC Team in security categorization, security plan, implementation of security controls and risk assessments.
* The effort will also include consulting support by providing RMF recommendations, training and guidance on all aspects of RMF.
* The successful IA/RMF SME will have the ability to complete accurate documentation in all Microsoft product formats and provide information to the government task manager to use in briefing agency management.
* Develop, document, and help implement a transition plan for moving from the current process to RMF processes, including updates to documentation and forms to align with proper NIST terminology. Create updated templates.
* Submit recommendations for action by System Managers and RMF Team members.
* Research and recommend a tracking mechanism for RMF requirements, artifacts, and approvals. Develop guidance, processes and procedures for creating and uploading artifacts, such as a system security plan. Disseminate the process to key stakeholders and train them on it.
* Develop system RMF project plans and support completion of activities on time. Track milestone dates and status of systems working through RMF Steps via existing or new RMF tracker.
* Schedule and conduct meetings with key stakeholders providing guidance and direction, identifying and disseminating key milestones and actions, then track milestones to completion.
* Perform annual (at a minimum) review of RMF related policies, procedures and templates. Draft updates to procedures and templates based on initial guidance, annual review, and lessons learned.
* Advise customer to analyze security categorizations, provide training, guidance/suggestions to ensure correct categorization decisions and capture results. Review and draft or update, as needed, organizational security categorization guidance and procedures to allow consistent security categorization across systems.
* Provide guidance and instructions for security control families, as needed, utilizing a Security Control Catalog to provide enhancements as needed to facilitate correct implementation of security controls at the program and system level.
* Advise on proper conduct of risk assessments in accordance with RMF and NIST guidance for conducting risk assessments, including the Risk Assessment worksheet (or appropriate RMF documents) and the final risk determination and recommendation.
* Provide guidance and recommendations for continuous monitoring technologies, leveraging current available technologies and recommending solutions to address gaps, as needed.

o General Experience: Twelve (12) years of experience supporting information systems and technology.

o Information Security Specialized Experience: Ten (10) years of experience in supporting information security products.

o Bachelor of Science degree in Information Technology, IT Security, Network Systems Technology or related field or 4 years' experience in lieu of degree plus twelve (12) years of directly related experience or any equivalent combination of education, experience, training and certifications.

o Hands-on experience with implementing Risk Management Framework (RMF) and NIST 800-37, Revision 2

o Excellent verbal and written skills

Preferred qualifications:

* Working knowledge of MS Office suite (Word, Excel, PowerPoint), MS Visio, and MS Project;
* Knowledge of FDIC Cyber Security/IA/Privacy policies

Essential Functions:

Physical Requirements:

Most work will be done at a desk or computer.

Work Environment:

General Office environment. The work environment is fast-paced and sometimes involves extreme deadline pressures. The nature of the work requires a high degree of teamwork and cooperation with other members of the staff as well as individuals across the Company and Customers. Multiple tasks & duties will need to be accomplished without any single duty falling behind or becoming neglected. Must effectively communicate and be communicated with by other team members. Must be able to represent and speak to current group efforts at any given time.

Equipment & Machines:

General office equipment including PC/laptop, Fax, Copiers, Shredder, Printers, Telephone, and other miscellaneous office equipment.


Attendance is critical at all times. Must be able to work a 40-hour workweek, normally Monday through Friday. However, times and days may vary depending on business requirements. Needs to be available to work overtime during critical peaks and be available to meet last minute requests for overtime should the situation occur.

Other Essential Functions:

Must be able to communicate effectively both verbally and in writing

Grooming and dress must be appropriate for the position and must not impose a safety risk/hazard to the employee or others. Must put forward a professional behavior that enhances productivity and promotes teamwork and cooperation.

Must be able to interface with individuals at all levels of the organization both verbally and in writing. Must be well-organized with the ability to coordinate and prioritize multiple tasks simultaneously. Must work well under pressure to meet deadline requirements. Must be willing to travel as needed. Must take and pass a drug test and background check as well as a motor vehicle records check. Must be a US citizen.



About Jacobs


10001 employees

1999 Bryan Street, Suite 1200
