Role and Responsibilities
Responsible for the implementation and management of the C-130H Aircrew Training System (ATS) cybersecurity, physical security, and Information Technology (IT) programs. The primary role of the candidate is to manage and implement the Risk Management Framework (RMF) and ensure compliance with Department of Defense Instructions 8500.01 Cybersecurity and 8510.01 RMF for assessment and authorization of the C-130H ATS. Develops and implements security policy and procedures. Advises senior contractor and government management on all aspects of security and compliance with the National Industrial Security Program (NISP), National Industrial Security Program Operating Manual (NISPOM), National Institute of Standards and Technology (NIST) Special Publication 800-37 Risk Management Framework (RMF), Special Security Agreement (SSA), Department of Defense Instructions (DoDI) 8500.01, 8510.01, AFI 17-101, and other federal regulations.
Essential Duties and Responsibilities
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Oversees the development, documentation, implementation, operation, and maintenance of the physical and cybersecurity programs for the C-130H Aircrew Training System
Assess and implement National Institute of Standards and Technology (NIST) Special Publication 800-53 (Rev. 4) operational, management and technical security controls.
Document compliance/non-compliance of security controls in the Enterprise Mission Assurance Support Service (eMASS) to support assessment and authorization packages
Collect and maintain all required cybersecurity documentation (compelling evidence/artifacts) for the security authorization package to maintain an Authorization to Operate (ATO)
Assist with developing or updating Information and Physical Security related plans, procedures, work methods and documentation
Establish a proactive reporting system for non-compliance, intrusion or abuse of information security procedures within classified areas, and investigate and recommend corrective actions for violations
Direct the contractor portion of a System Security Plan (SSP) in support of maintaining an Authorization to Operate (ATO)
Lead CAE's C-130H ATS Cybersecurity program, including all administration and execution efforts under the Risk Management Framework (RMF)
Sustain and administer the cybersecurity program within C-130H ATS in accordance with DoD Instructions 8500.01 Cybersecurity and 8510.01 Risk Management Framework.
Design, write and audit procedures for compliance with handling, marking, access control, auditing, and logging actions as specified in NISPOM and the System Security Plan (SSP) for accredited systems
IAM-II Requirements DoD 8570.01-M
M-II.1. Develop, implement, and enforce policies and procedures reflecting the legislative intent of applicable laws and regulations for Network Equipment (NE).
M-II.2. Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations.
M-II.3. Develop NE security requirements specific to an IT acquisition for inclusion in procurement documents.
M-II.4. Recommend resource allocations required to securely operate and maintain an organization's NE IA requirements.
M-II.5. Participate in an IS risk assessment during the assessment and authorization (A&A) process.
M-II.6. Develop security requirements for hardware, software, and services acquisitions specific to NE IA security programs.
M-II.7. Ensure that IA and IA-enabled software, hardware, and firmware comply with appropriate NE security configuration guidelines, policies, and procedures.
M-II.8. Assist in the gathering and preservation of evidence used in the prosecution of computer crimes.
M-II.9. Ensure that NE information system (IS) recovery processes are monitored and that IA features and procedures are properly restored.
M-II.10. Review IA security plans for the NE.
M-II.11. Ensure that all Information Assurance Management (IAM) review items are tracked and reported.
M-II.12. Identify alternative functional IA security strategies to address organizational NE security concerns.
M-II.13. Ensure that IA inspections, tests, and reviews are coordinated for the NE.
M-II.14. Review the selected security safeguards to determine that security concerns identified in the approved plan have been fully addressed.
M-II.15. Evaluate the presence and adequacy of security measures proposed or provided in response to requirements contained in acquisition documents.
M-II.16. Monitor contract performance and periodically review deliverables for conformance with contract requirements related to NE IA, security, and privacy.
M-II.17. Provide leadership and direction to NE personnel by ensuring that IA security awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities.
M-II.18. Develop and implement programs to ensure that systems, network, and data users are aware of, understand, and follow NE and IA policies and procedures.
M-II.19. Advise the Authorizing Official (AO) of any changes affecting the NE IA posture.
M-II.20. Conduct an NE physical security assessment and correct physical security weaknesses.
M-II.21. Help prepare IA assessment and authorization documentation.
M-II.22. Ensure that compliance monitoring occurs, and review results of such monitoring across the NE.
M-II.23. Obtain and maintain IA baseline certification appropriate to position.
Qualifications and Education Requirements
Experience with NIST Special Publication (SP) 800-37 Guide for Applying the Risk Management Framework, NIST SP 800-53 Rev. 4 Security and Privacy Controls for Federal Information Systems and Organizations.
Ability to write System Security Plans (SSP) including classified portions, acceptable to Authorizing Official and compliant with all applicable DOD Directives and Instructions.
Ability to establish and participate in Integrated Product Teams and provide IS security considerations and planning to program management and engineering.
Travel for IA and PIT assessment tasks.
Applicant will be subject to a US government investigation for access to classified information and must meet the eligibility requirements to obtain/maintain the required security clearance. (Secret with TS eligibility preferred). This position also requires eligibility for special access qualification: SCI, COMSEC SCI, NATO and third party classified that may be program specific.
Thorough knowledge and experience with the NISPOM, DOD security related instructions and directives, specific services' security related regulations required.
Extensive experience with hardware/software platforms to include Windows, Linux, UNIX, preferred.
Military service, military environment familiarity, customs/protocol experience preferred.
Ability to communicate, interact and collaborate with management, executive personnel and military personnel including senior officer levels required. Detail oriented; work with minimal supervision, analytical and problem solving capability.
B.S. degree in Computer Science, Computer Engineering, Information Technology, Electrical Engineering or other technical equivalent, Master's degree in Cybersecurity desired.
Five years directly related experience in implementation of DOD RMF security requirements and contractor/government information security. USAF experience highly desired.
DoD 8570.01-M Information Assurance Management (IAM) Level II Approved Baseline Certification (CAP, GSLC, CISM, CASP CE, or CISSP).
Must maintain IAM required Certification(s).
Must attend IA Continuous Education or Sustainment Training (120 hours within 3 years) throughout employment.
Must have excellent oral and written communication skills.
Excellent executive presence including oral and written communication skills.
Must be able to communicate effectively to all levels of management, including succinctly delivering specialized knowledge to assist decision makers.
Must be able to converse and understand legal, business, merger/acquisition and DOD contract specialized language
Ability to assist in development of and adherence to complex budgetary process.
Experience preparing budgets, tracking actuals against budget and managing assets to completion at or under budget.
Ability to develop applications and methodologies by applying principles of logical or scientific thinking to a wide range of intellectual and practical problems.
Strong analytical and strategic thinking skills required.
Certificates, Licenses, Registrations.
DoD 8570.01-M Information Assurance Management (IAM) Level II Approved Baseline Certification
At least one certification MUST be from this list
Must comply with all company security and data protection / usage policies and procedures. Personally responsible for proper marking and handling of all information and materials, in any form. Shall not divulge any information, or afford access, to other employees not having a need-to-know. Shall not divulge information outside company without management approval. All government and proprietary information will be accessed and stored electronically on company provided resources.
Must be able to work with minimal supervision.
Majority of work will be performed in an office environment.
Must be willing to work flexible schedule and as required.
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.
Ability to sit and operate personal computer for extended periods of time.
Occasional business domestic and international travel required.
Able to lift and carry a minimum of 35 pounds and manual dexterity to bend, stoop, squat and stand for prolonged periods
Must have ability to work overtime as necessary
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for their job. Duties, responsibilities, and activities may change at any time with or without notice.
CAE USA Inc. is an EOE/AA employer and gives consideration for employment to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status. For more information about your EEO rights as an applicant under the law, see the "EEO is the Law" poster.
PAY TRANSPARENCY NONDISCRIMINATION PROVISION The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information.
CAE thanks all applicants for their interest. However, only those whose background and experience match the requirements of the role will be contacted.
Equal Employment Opportunity
At CAE, everyone is welcome to contribute to our success. With no exception.
As captured in our overarching value "One CAE", we're proud to work as one passionate, boundaryless and inclusive team.
At CAE, all employees are welcome regardless of race, nationality, colour, religion, sex, gender identity or expression, sexual orientation, disability or age.
The masculine form may be used in this job description solely for ease of reading, but refers to men, women and the gender diverse.