• Project Manager

    Job Locations: US-MD-College Park
    Job ID: 2018-3174
    # of Openings: 1
    Category: Management
    Work Authorization: US Citizens, preferred
  • Overview

    VariQ has an exciting opportunity for a highly qualified Project Manager located in College Park, MD.

     

    The Project Manager will be responsible for all work performed under the contract PWS, must have ISSO experience, and must be thoroughly familiar with ISSO responsibilities. The Project Manager will be responsible for ensuring personnel are aware of, understand, and abide by agency-specific rules, regulations, and security and safety practices. The Project Manager may also serve in the role of an ISSO whilst performing PM functions.

     

    Additional Information:

    • Location: College Park, MD
    • Salary: Dependent upon experience
    • Security Clearance: ability to be cleared for public trust required
    • Available: upon award, currently in proposal stage

    Responsibilities

    • Provide management over a team of 10+ ISSOs.
    • Ensure NARA systems are accessed, integrated, accredited, operated, maintained and disposed of in accordance with applicable security policies and practices outlined in NIST Publication 800-53 (latest revision), Security and Privacy Controls for Federal Information Systems and Organizations; NARA Directive 202, NARA Classified Information Security Program; and NARA Directive 804, Information Technology (IT) Systems Security;
    • Coordinate with the System Owners to ensure that system accounts requests are for valid users, who are eligible for access to the information systems, have a valid need to access the systems, and that all requirements have been met before authorizing access to system(s);
    • Develop and maintain a comprehensive project plan (roadmap) that at a minimum identifies the tasks to be accomplished in the course of completing the requirements, defines project staff roles/responsibilities, and provides a detailed timeline for completion of tasks. The project plan shall include at a minimum the following:
      • Milestones and dates for completion of each deliverable per system
      • Gantt chart for project plan showing milestones and dates for completion of each deliverable per system
      • Resources assigned to each system on project plan
      • Detailed Communications Plan dedicated to the handling of communications between the Vendor, System Owners, O&M Vendors and the Government.
    • Assist system owners to review and validate (recertify) non-privileged user accounts annually and privileged user accounts and rights monthly in accordance with the NARA IT Security Requirements (provided as a GFI) (security control AC-2), to ensure the user's continued need for system access and that the assigned privileges for each user are the minimum required for their current job functions;
    • Perform Security Controls Testing to audit and inspect system security controls, processes and procedures;
    • Manage and track system security requirements during all phases of the system’s life cycle for all operational and development projects;
    • Create, update, and maintain the following security documentation (status of each system’s documentation is provided in the attached systems list):
      • FIPS 199 (Federal Information Processing Standard Publication 199, Standards for Security Categorization of Federal Information and Information Systems) form;
      • System Security Plan (SSP) completed in accordance with NIST Special Publication 800-18. Security plans are maintained in Xacta or on Shared Drives;
      • Contingency Plan in accordance with NIST Special Publication 800-34;
      • Annual Contingency Test Plan and Contingency Test Report conducted in accordance with the NARA IT Security Requirements (security controls CP-2 and CP-4);
      • Configuration Management Plan in accordance with NIST Special Publication 800-128;
      • Incident Response Plan in accordance with NIST Special Publication 800-6;
      • Annual Incident Response Plan Test conducted in accordance with NARA IT Security Requirements (security controls IR-3) and Incident Response Plan Test Report generated;
      • Plan of Actions & Milestones (POA&M) in accordance with the NARA IT Security Requirements, security control PM-4;
      • Where applicable, resolve and track vulnerabilities identified during security assessments within the timeframe indicated in the POA&M;
      • Business Impact Analysis (BIA) in agreement with NIST Special Publication 800-34;
      • Initial Privacy Review (IPR) and Privacy Impact Assessment (PIA) in accordance with NIST 800-53 appendix J and the NARA IT Security Requirements, security control AR-2;
      • System level Policy and Procedure documentation;
    • Report, respond, and track security incidents in accordance with the NARA Computer Security Incident Handling Guide;
    • Ensure that audit trails are reviewed weekly and retained for the period of time defined in the SSP.
    • Respond to data calls (e.g. OIG data calls, COR requests for system information) to provide security artifacts as requested.

    Qualifications

    • Knowledge of Federal Government SA&A practices and policies, particularly FISMA and NIST Special Publications 800 series.
    • Ability to work independently and to collaborate with application developers, engineers and others.
    • Must be motivated and results oriented.
    • Effective written and oral communication skills.
    • Previous Federal Government experience a plus.

     

    Education Requirements/Years of Experience

    • Five (5) years of experience in IT security, including SA&A and/or IT security risk analysis, preferably in support of the Federal Government.
    • Minimum of 5 years’ experience managing projects to implement Risk Management Framework in the federal government.
    • BS/BA in Computer Science, Information Systems, Software Engineering or other related analytical, scientific or technical discipline.

    Required Certifications

    • At least one of the following industry-recognized and accepted certifications relating to IT security: CISSP, GIAC, CEH, TNCP, Security+, Network+ or other equivalent cert.

    Desired Certifications

    • CISSP Certification highly preferred.

     

     

    VariQ is an equal opportunity employer.
