Overall Assignment Description:

• Advises the Program Manager (PM) on integrating information system security control requirements into System Development Lifecycle and the Acquisition Lifecycle.

• Review and provide assessments to the PM on Requests for Change (RFCs), Engineering Change Proposals (ECPs), Assessment and Authorization (A&A) documents; attend design reviews, and ensure security requirements are identified and documented.

• Provide technical advisory support to the Program Manager to ensure that all aspects of each Information System (IS) meet applicable Intelligence Community Directives and NGA A&A requirements from initial concept, through development, procurement, implementation, system maintenance, and continuous monitoring.

• Develop an accreditation plan to support the Program Manager which properly tracks the NGA process by which the IS definition, development, and security testing are to take place.

• Provide advice and assistance to the PM to manage the IS throughout the System Development Lifecycle including cost, schedule, performance from system development to initial operating capability (IOC), and through transition to operations.

• Provide consulting and advice to the PM during the early stages of the system life cycle to initiate the A&A process, negotiate the security requirements that must be met, and the technical security features of the IS.

• Responsible for ensuring that security guidance flows from the PM to the developer for satisfying the requirements to deliver the system, to include the schedule for delivering a certified and accredited system.

• Provides input to the PM on Program Management Office ECPs, Budget, and any other taskers or actions.

Duties include: 

• Coordinate, participate, and support the PMO in registration meetings to formerly register all International Program related information systems with the Delegated Authorizing Official (DAO) for NGA. 

• Ensure the Body of Evidence for each IT system is properly developed, submitted, published, maintained, and accurately reflects the definition, development, security testing processes, and relevant security requirements.

• Perform required actions to ensure all International Program related Information Systems are properly entered and maintained using the XACTA Information Assurance web application.

• Review and submit evidence of completion to all DAO directed liens via a Plan of Action and Milestones (POAM) for International Program information systems to ensure the Program Mangeris in compliance with NGA guidance to maintain continuous monitoring of NGA accredited information systems.

• Review all aspects of proposed system security plans to ensure the system is being developed in compliance with NGA security guidelines, agency policies, and Intelligence Community Directives.

• Ensure Security Controls Assessment (SCA) Testing is scheduled and completed on an annual basis and any findings are addresses in a POAM.

• Ensure that appropriate Information Assurance Vulnerability Alerts (IAVA) are reviewed, assessed, and responded to in a timely manner.

• Prepare staff summary sheets (SSSs) and brief for all systems that require a cross domain solution.

• Maintain routine interface with the NGA A&A team (ISSO, SCA, and DAO) and keep them informed of any pending changes to the IT system baseline which may impact security.

• Maintain routine interface with relevant Department of Defense (DoD) and Intelligence Community (IC) A&A teams which may impact security for the International Program.

• Submit training requests and ensure development contractors are trained and familiar with NGA processes and requirements.

• Coordinate and negotiate the formal Rules of Engagement technical meeting with the penetration testing and security control assessment testing teams to discuss the rules, assessment activities, requirements, and other activities associated with conducting penetration and vulnerability testing on systems requiring a cross domain solution.

• Schedule and coordinate Penetration Testing for all systems that require a cross domain solution, ensuring that agreed to Rules of Engagement are followed by the PEN team during test events.

• Review and provide input on security related test procedures prior to readiness reviews.

• Initiate memorandums for the record (MFR) to decommission IT systems once when no longer required.

• Ensure audit trails are periodically reviewed and report compliance to NGA Information Assurance Officers (IAO) and that audit records are maintained and archived for future reference.

• Perform required actions to ensure all International Program related Information Systems are properly entered and maintained in the Information Technology Disaster Recovery (ITDR) web application when required.

• Ensure the International Program information systems are in compliance with Department of Defense mandated Information Operations Conditions (INFOCON) requirements where applicable. 

Skills and Experience:

Required:

• Maintain a current professional certification such as a Certified Information Systems Security Professional (CISSP), Security , or equivalent.

• Degree in IT Management, CIS, or other engineering field. 

• Minimum twelve (12) years of experience and eight (8) years of relevant experience

Desired:

• Understand of Assessment and Authorization processes.

• Understand the geospatial intelligence mission and its contributions to the IC.

• Trained and experienced with using the XACTA Information Assurance web application.

• Familiarity with NGA Continuity of Operations processes; experience with writing Information Technology Disaster Recovery (ITDR) plans, Business Continuity Plans, and modifying and documenting Essential Functions.

• Familiarity with NSG and ASG systems. 

• Familiarity with Services Oriented Architecture (SOA).