RMF / A&A Scorecard Specialist

Description

The mission of the DHS Chief Information Security Officer Directorate (DHS CISOD) is to support the Department’s implementation of all applicable regulatory requirements including the Federal Information Security Modernization Act of 2014 (FISMA), relevant Office of Management and Budget (OMB) Circulars, Executive Orders, Federal laws, directives, policies, and regulations. The DHS CISOD’s mission is to also provide the Department of Homeland Security (DHS) a secure and trusted computing environment. The DHS CISOD assists in ensuring Department compliance with information security requirements. Information security is an essential business function, critical to enabling DHS to conduct its operations and deliver service to the public.

Leidos has a critical need for a  A&A Scorecard Specialist familiar with  RMF/Accreditation and Authorization (A&A).

Duties include assisting with program planning and execution of RMF/Accreditation and Authorization (A&A) , POA&M remediation activities, and performing compliance reviews of IT systems. Knowledge of NIST 800 series, RMF and CSAM are needed to be successful in this role.

Primary Responsibilities:

• Maintain and continue to improve the DHS Information Security Continuous Monitoring Strategy and Program.
• Provide research and development support of data analytic and data management technologies including those associated with collecting, analyzing, parsing, and reporting large volumes of data that may support the DHS CISOD Continuous Monitoring team, as well as DHS Component Continuous Monitoring teams.
• Strengthen data quality and reporting through CDM Elastic, UCMM, Mobius, to include Asset Management Modernize and advance DHS Security Protections through Government, Risk, and Compliance tools, Configuration Baselines, and automation (Continuous Assessment model) to include development of UCMM features  that align to DHS enterprise priorities, including Zero Trust.
• Coordinate annual Performance Plan Working Group by reviewing current metrics, recommending updates with justification and provide training as needed to include performance plan, scorecard metrics and reporting.
• Update Information Security Performance Plan (ISPP) to accommodate new processes, policies or metric updates.
• Develop, maintain, and track performance of the Information Security Performance Plan. Ensure that the goals and objectives within the Department Strategic Plan support and are in coordination with the Secretary’s Strategic Plan and the CIO’s IT Strategic Plan.
• Develops updates maintain, and report on cybersecurity metrics to measure the effectiveness of the DHS CISO’s Cybersecurity Program.
• Develop Compliance Dashboards to leverage centralized security authorization data to support analytics for managing and reporting cybersecurity risks.
• The contractor shall actively develop and support in the compliance monitoring/reporting activities as related to DHS Scorecards and other official reporting (both internal and external to DHS (ex. Cyberscope reporting).
• Create and maintain dashboards and reports for all necessary cybersecurity functions utilizing CDM dashboard, Splunk, Crystal Reports, PowerBi or other authorized platforms.
• Create and generate draft and final versions of monthly/quarterly/annual FISMA scorecards and reports along with tracking all changes, including artifacts and justifications for delivery to Federal Lead, HQ components, CISOD Management, OMB, and Congress.
• Conduct ad-hoc analysis for use in Component One-on-One meetings.
• Create a draft and final cybersecurity report by coordinating, consolidating, and collecting the data and reports from multiple sources (for example, SERR, Cyber Hygiene, CDM).
• Support the (ISCM) waiver process by tracking, adding new systems and updating existing systems using component supplied information, system security plans and continuous monitoring data.
• Create component quarterly specific trending Scorecard.
• Support current and future enhancements and transition of DHS CISOD tools and requirements.
• Prepare data call from DHS CIOs FISMA Requirements document and publish it to HQ components.
• Extract and consolidate data from DHS components’ data call submissions.
• Conduct exploratory analysis and obtain justifications from DHS components regarding the discrepancies according to Office of Management and Budget (OMB) requirements.
• Generate quarterly and annual trending of DHS performance in the measured metrics.
• Create comparisons and determine discrepancies with the scorecard as required.
• Generate draft and final monthly Cybersecurity Scorecards for HQ components and the Department as defined by the annual DHS ISPP from data resident in the DHS databases and other sources. The scorecards are used for reporting progress in information security to the Chief Information Officer (CIO) Council, CISO Council, and senior DHS management. Based on data captured on the last day of each month, the scorecards shall be completed within five (5) business days thereafter.
• Extract data from the OCIO and CISOD databases to generate Daily, Weekly, Monthly, Quarterly, and Annual FISMA scorecards and generate dashboards to display FISMA-related metrics.
• Maintain an unclassified/For Official Use Only (FOUO) and classified (Secret)
• Information Security Performance scorecard solution in the Information Assurance & Compliance Systems (DHS FISMA Compliance Tool).
• Revise scorecard formats and data extracts as necessary to comply with direction from the Federal Leads and maintain consistency with the DHS Information Security Performance Plan.
• Provide responses in support of audits related to cybersecurity.
• Coordinate and follow up with SMEs to generate responses, update, finalize and submit cybersecurity reports. Gather the responses, review/validate responses with SMEs, compile the report and brief CISOD management.
• Prepare various reports and executive summaries, talking points and PowerPoint slide deck for briefing to CISO and CIO as required by CFO, OMB, FNR and other executive directives.

Primary Qualifications:

• Must be able to obtain a DHS Security Clearance.
• Bachelor’s degree with 6 or more years’ experience with DIACAP, DCID 6/3, ICD 503, and/or NIST Framework; additional years of related work experience may be considered in lieu of degree
• Experience with DHS, DoDIIS, and IC tools, systems, and reporting mechanisms/requirements for A&A.
• Practical knowledge of IC, DoD, and DHS Cybersecurity initiatives, and secure information/networking technologies.
• Demonstrated experience as an ISSO, ISSE, Package Submission Officer (PSO), Validators, and /or FISMA Inventory
• Experience shepherding projects through the RMF process in XACTA and EMASS
• Ensure compliance with DHS Standards and procedures.
• Good familiarity with and understanding of all relevant government and agency policies and procedures to ensure system documentation is compliance with relevant guidelines, e.g., FedRAMP, RMF, FISMA, FIPS-II, NIST, etc.

U.S. Citizenship is required.

Pay Range:

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

#Remote

About Leidos

Leidos is a Fortune 500® technology, engineering, and science solutions and services leader working to solve the world’s toughest challenges in the defense, intelligence, civil, and health markets. The company’s 46,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $14.4 billion for the fiscal year ended December 30, 2022.  For more information, visit www.Leidos.com.

Pay and Benefits

Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here.

Securing Your Data

Beware of fake employment opportunities using Leidos’ name. Leidos will never ask you to provide payment-related information during any part of the employment application process (i.e., ask you for money), nor will Leidos ever advance money as part of the hiring process (i.e., send you a check or money order before doing any work). Further, Leidos will only communicate with you through emails that are generated by the Leidos.com automated system – never from free commercial services (e.g., Gmail, Yahoo, Hotmail) or via WhatsApp, Telegram, etc. If you received an email purporting to be from Leidos that asks for payment-related information or any other personal information (e.g., about you or your previous employer), and you are concerned about its legitimacy, please make us aware immediately by emailing us at [email protected].

If you believe you are the victim of a scam, contact your local law enforcement and report the incident to the U.S. Federal Trade Commission.

Commitment to Diversity

All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.