CACI International Risk Management Support Lead at Scott AFB in Scott Air Force Base, Illinois
Job Category: Security
Time Type: Full time
Minimum Clearance Required to Start: Top Secret
Employee Type: Regular
Percentage of Travel Required: Up to 10%
Type of Travel: Local
CACI is looking for a Risk Management Support Lead to support our customer, U.S. Transportation Command (USTRANSCOM), at Scott AFB, Illinois. This position is contingent upon award of the USTRANSCOM Command, Control, Communication & Cyber Systems Managed Information Technology Services (MITS), Enterprise support Managed services.
What You’ll Get to Do:
CACI has an excellent opportunity for an experienced, self-directed Risk Management Support Lead. This position is in support of a Department of Defense (DoD) organization, USTRANSCOM Directorate TCJ6, located at Scott AFB, IL.
More About the Role:
Responsible for Risk Management and Compliance through ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. Responsible for USTRANSCOM and the Unified Combatant Command (UCC) in maintenance of an all-encompassing system security program to proactively manage all Infrastructure systems security risks, vulnerabilities, and compliance with security configurations, guidance, and policies. Manage Information Assurance activities; responsible for enabling the ongoing assessment and ongoing authorization of all infrastructure utilizing Risk Management Framework (RMF) and automated Security Assessment and Authorization tools.
Staff Security Training - provide personnel security training progress report.
As the Risk Manager, you will assist in the development of a standardized, enterprise-level Risk Management Process.
You will assess, analyze, propose mitigations, and manage the creation, tracking, and closure of risks, issues, and opportunities (R/I/Os) related to the successful completion and/or delivery of a US Government product or service.
Provide technical support and/or leadership in the creation and delivery of technology solutions.
Facilitate risk management efforts (i.e., risk identification, assessment, and mitigation planning).
Define, develop, and record all risk items on the Risk Register.
Develop and maintain the Risk Management Plan.
Identify and develop contingency plans, fallback plans, and workarounds.
Assign appropriate Risk Response Strategies (Avoid, Mitigate, Transfer, Exploit, Share, Enhance, Accept).
Assign Probability (Likelihood) and Impact (Consequences) for each risk item; track, manage, and update as risk plans are executed.
Conduct SWOT Analysis, Risk Audits, Risk Assessments, and Variance and Trend Analysis.
Identify Risk urgency, appetite, triggers, tolerance, threshold, and aversion and map in a decision tree matrix.
Facilitate and/or brief multiple meetings or forums weekly and/or monthly.
Communicate risk posture and project information to stakeholders.
Drive effective teamwork, communication, collaboration, and commitment across multiple disparate groups with competing priorities.
Communicate project issues and status in a concise, accurate, and professional manner.
Support, coordinate, document, assess, and comply with all Cyber Security operations IAW operational plans, SOPs, and Work Instructions.
Compliance POA&M analysis, management, compliance, and remediation.
Monitor security advisories and security bulletins to ensure compliance with applicable security requirements.
Support Security Release Management - track and report software inventory for all infrastructure devices (patches and firmware).
Understand and support Privacy Compliance Activities to include the development of Privacy Impact Analysis (PIA), Privacy Threshold Analysis (PTA), and Statement of Record Notices (SORN).
Manage a team with a focus on policy, implementation of strategic initiatives, and execution of day-to-day deliverables.
Establish, or work to achieve, team objectives and operational plans with measurable contribution towards the achievement of results of the job function or completion of a project.
You’ll Bring These Qualifications:
Technical Level III and Management Level II certification per DoD 8570.01-M
7+ years of IA/cyber security experience, with at least four (4) of those involving application of DoD policy, direction, and guidance to customer environments.
At a minimum possess applicable intermediate ITIL certification (e.g., Service Operations, Service Design, Planning, Protection and Optimization (PPO), Release, Control and Validation (RCV)).
Experience/working knowledge of NIST and DoD security policies, directives, and guidelines.
NIST Risk Management Framework and Security Control Implementation
Experience/working knowledge of Network/system architecture design and implementation.
Experience/working knowledge of Vulnerability scanning, e.g., Retina and Nessus.
Experience/working knowledge of Network architecture and design (e.g., security stack and integration with office automation products and services to include production, test, development, and DMZ enclaves).
Desired skills and experience/working knowledge:
Current Microsoft server and workstation OS security configurations.
Current Red Hat Linux Enterprise OS security configurations.
Current Unix OS security configurations.
Current Microsoft server and desktop application security.
Current Microsoft Windows Group Policy Object (GPO) security configurations.
VMware functionality and security.
Database functionality and security, e.g., Oracle, MS SQL, MS Access.
Border device security, e.g., firewall, VLANs, IP Subnetting, Ports and protocols.
Application code scanning with Fortify or other government furnished systems.
Metrics capture & documentation.
Technical writing, to include technical documents and user training materials.
What We Can Offer You:
We’ve been named a Best Place to Work by the Washington Post.
Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.
We offer competitive benefits and learning and development opportunities.
We are mission-oriented and ever vigilant in aligning our solutions with the nation’s highest priorities.
For over 55 years, the principles of CACI’s unique, character-based culture have been the driving force behind our success.
Company Overview: At CACI, you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. CACI is an Equal Opportunity Employer – Females/Minorities/Protected Veterans/Individuals with Disabilities.