Security Assessment And Accreditation Lead

AAC Inc is seeking a highly skilled and motivated professional to join our team as SA&A Lead for the NIH's Center of Information Technology's (CIT) Risk Management Framework (RMF) and Cybersecurity Operations contract. As the lead, you will play a crucial role in overseeing and optimizing the RMF and cybersecurity performance of our contract's requirements. Managing customer, employee, vendor and partner expectations will be important for the overall success of this work along with AAC prestige. This position requires a person who can lead, manage, and demonstrate a deep understanding of federal RMF and cybersecurity policies, solutions and protocols. SA&A, strong analytical skills, and the ability to communicate are a must.

Required Skills

Key Rolls & Responsibilities:

• Experience in development of ATO packages for all kinds of enterprise systems including cloud systems.

• Experience in writing, assessment and validation of the control implementation statements based on NIST 800-53

• Experience in overseeing the development of System Security Plan, facilitate IR and CP tests.

• Experience in creating, tracking, and updating "Plan of Action and Milestones".

• Experience on Risk Management Framework (NIST 800-37)

• Ability to prepare/develop Risk Assessment Memo for Risk Based Decisions

• Ability to create a Risk Register and apprise the management about the high-risk areas.

• Conduct assessment interviews with stakeholders of the systems in scope.

• Experience in creating the SAR (Security Assessment Report)

• Experience in Testing the Controls and opening the POAMs accordingly.

• Review ATO packages prior to submission to CISO and CIO for approval

• Hold exit meetings with systems owners to debrief on the identified findings

Desired:

• CAP
• CISSP
• HHS experience, ideally NIH, NLM or CIT (best) experience, but none required