• Responsible for providing cybersecurity and Risk Management Framework (RMF) support for United States Military Entrance Processing Command (USMEPCOM) Cyber Security Office (CSO).• Responsible for providing Tenable ACAS expertise, (i.e., managing scans, vulnerabilities, and results) in support of CSO directives.• Responsible for providing RMF support for USMEPCOM’s three (3) eMASS registered systems. This includes the creation and/or modification of RMF related documentation (i.e., Standard Operating Procedures (SOPs)) which outline the way USMEPCOM implements NIST SP 800-53 controls. This also includes direct eMASS support in uploading documentation, creating, modifying, and closing POA&M’s, adding DISA STIGs and security results to the eMASS packages, as well as modifying and updating all necessary controls, and control implementation information found within the eMASS records.• Also responsible for conducting full scale STIG security assessments for all 70+ technology areas within the USMEPCOM Enterprise Network.

• Provide technical security assistance and guidance to several of our commercial and government customers in support of their Assessment and Authorization (A&A) programs.• Responsible for supporting all phases of the Risk Management Framework (RMF) program as defined by the Defense Counterintelligence Security Agency (DCSA) Assessment and Authorization Process Manual (DAAPM).• Provide eMASS (Enterprise Mission Assurance Support Services) support.• Assess, document, and implement the RMF process for different types of information systems in accordance with the DCSA or DoD.• Assess the existing policies and procedures against compliance requirements.• Suggest policy and procedure changes to customers as required for compliance.• Create and update policy, procedure, and process documents for the accreditation package.• Conduct validation services, prepare POA&M, and compile validation results.• Demonstrated experience with implementing NIST SPs 800-37 Rev1, 800-53 Rev4/5, 800-115.• Demonstrated technical knowledge and experience with Defense Counterintelligence & Security Agency (DCSA) and National Industrial Security Program Operating Manual (NISPOM) processes for Information Systems.• Provides support to overall GRC (Governance Risk and Compliance) mission of the company.

• Administrative lead on all RMF matters pertaining to test support instrumentation.• Maintains risk management activities used for supporting operational testing.• Plans for and responds to configuration requirements to support testing and support problem resolution.• Demonstrated experience with implementing NIST SP 800-37 Rev1 • Demonstrated experience with the NIST 800-53Rev 4/5• Demonstrated experience implementing NIST SP 800-115 • Experience with analyzing vulnerability and penetration testing reports to develop and manage POA&Ms to include risk calculations• May plan, coordinate, and implement security measures to safeguard computer databases.• Conducts ongoing security risk assessments including monitoring, investigation and reporting of security risk.• Maintenance and auditing of system user accounts, system backups, and audit files. --- Support the configuration management, verification, and validation (V&V) of all test support systems and databases.• Responsible for the technical design, planning, implementation, and the highest level of performance tuning and recovery procedures for mission critical systems. • Serves as a technical expert around system administration for complex operating systems.• Recommends the redesign and configuration of operating systems and system applications as it pertains to RMF procedures.• Provide support to the Configuration Control Board (CCB) as required. Provide input to test team accreditation plans.• Investigates and analyzes feasibility of system requirements and develops system specifications.• Identifies methods, solutions, and provides project leadership and management to provide a high level of service.

• Serves as information security lead on the incident response program.• Assists Executive management team in addressing identified risk and recommending changes to correct deficiencies.• Analyzes operational procedure and internal controls to minimize risk and optimize efficiencies.• Performs or oversees all annual risk assessments including the enterprise-wide risk assessment.• Identifies, assesses and prioritizes risk to the Bank. Develops methodologies and processes to measure, report and correct issues as part of an effective plan for enterprise risk management.• Responsible for directing the Bank's risk assessment measures; coordinating with other departments, vendors, systems, and law enforcement.• Establishes and maintains and effective Business Continuity Plan including policies, procedures, practices, and testing to include disaster recovery, emergency response, incident response, and crisis management, Schedules and conducts meetings and exercises, and retains documentation as required.• Acts as a liaison between IT, Operations, and other departments within the Bank as well as with auditors and examiners to provide an effective working relationship with regulators.• Develop and maintain information security controls framework (e.g. FFIEC, GLBA, SOX, FDICIA, CobIT, NIST).• Demonstrated experience with implementing NIST SP 800-37 Rev1 • Demonstrated experience with the NIST 800-53Rev 4/5• Demonstrated experience implementing NIST SP 800-115 • Experience with analyzing vulnerability and penetration testing reports to develop and manage POA&Ms to include risk calculations• Implement an enterprise-wide security awareness program and coordinate associated training.• Monitor security related controls and systems to ascertain compliance with bank policies and procedures. Follow-up on detected security issues and implement solution to reduce security risk.• Oversee independent vulnerability and penetration testing.