Posted: April 05, 2011

The IT Security Architecture Manager will direct a team of technical analysts who are responsible for providing Information Assurance (IA) analysis and Certification and Accreditation (C&A) activities in support of client-owned computing infrastructures, environments, networks, computing devices, systems, applications and data. The candidate will interact with system owners and operations staff to incorporate system analysis, vulnerability testing, C&A document development, and reporting activities for the purposes of obtaining Authorities To Operate (ATOs) through an accreditation authority. The successful candidate will demonstrate knowledge of governing regulatory bodies such as the National Institute of Standards and Technology (NIST) and Defense Information Systems Agency (DISA), their standardized IA controls, as well as their C&A requirements and procedures. The candidate should also possess a strong knowledge of cyber security technologies and best practices, including network security devices, encryption methodologies, identity management, access controls, security event management, and Incident Response and Disaster Recovery activities along with the interest and experience to work in the IA discipline.
• Performs analysis, research, and coordination support to civil federal and/or Department of Defense (DoD) agencies in the collection, analysis, validation, and reporting of IA compliance data from client-owned systems, processes, applications, and data.

• Reviews and evaluates customer computing programs and operations to determine adherence to policies and procedures mandated by governing agencies.

• Assists external customers in developing, implementing, and assessing a security program based on customer requirements.

• Advises on the implementation of relevant Federal and/or DoD memoranda, regulations, and policies in C&A data collection and reporting activities.

• Develops, reviews, and updates new and existing C&A documentation for ATO attainment.

• Acts as the primary liaison with customer's senior management and governmental C&A regulatory agencies.

• Analyzes customer requirements regarding applicable security disciplines such as physical security, communications security, operations security, emissions security, as well as wireless and wired computer security.

• Leads independent and objective evaluations and audits of security policy and controls implementation as prescribed by regulatory bodies; reviews controls designed to ensure confidentiality, integrity, and availability of information.
• Prepares correspondence, procedural documentation, reference materials, and any assessment tools, with subject matter experts as necessary, to ensure accuracy and appropriateness of data targeted systems and data.

• Performs on-site vulnerability assessments using automated testing tools and scripts.

• Provides advisory services to Program Offices in support of reporting requirements.

• Structures and organizes C&A work and set priorities to achieve IA compliance.

• Coordinates and plans C&A activities with program management offices and oversight personnel.

• Conducts planning and coordinating meetings with local team members in anticipation of C&A projects.

• Coordinates site visits with target system owners and supporting organizational entities.

• Acts as consultant to senior management; champions multi-discipline and/or cross-functional teams.