8570

cybersecurity compliance project manager alexandia VA job

February 22, 2020 by Leave a Comment

check out the courses:
http://convocourses.com

Job Title: #Cybersecurity #Compliance Project Manager
Job Location: Alexandria, VA, US
Project Length: Long Term

Clearance Requirement: Active Secret clearance.

Key Role:
Serve as a Task Lead responsible for the creation of a Cybersecurity Governance, Risk, and Compliance (GRC) team assessment program for a DoD organization. Design, develop, and implement the assessment program independently to measure Cyber GRC metrics, determine readiness for audits and inspections based on DoD policies and NIST standards, identify risks, and provide automated remediation plans. Work to improve communication and enhance the organization’s security posture through risk assessment preparation. Perform blind, non-punitive readiness assessments for organizational units to provide a preparatory remediation plan for upcoming inspections. Measure the effectiveness of the GRC programs and provide leadership with an unfiltered view of the organization’s security posture, measuring the balance between its objectives and risk profile. Recommend strategic enhancements and structural improvements for a compliance division.

Basic Qualifications:
10+ years of experience with Cybersecurity.
Ability to design, develop, and manage the implementation of risk assessment process methodology and tools, including eMASS.
Ability to communicate effectively and professionally in a fast-paced client-environment.
BA or BS degree in a Technology, IT, or Cybersecurity field.
DoD 8140 and 8570 IAM level II Certification.

Additional Qualifications:
Experience with GRC and assessment processes.
Experience with DoD 8500 series, NIST SP 800 series, DoD regulations, and instructions, including DoDI 8140-01, DoDI 8530.01, CJCSI 6510.01, and the Risk Management Framework (RMF).
Experience with briefing senior government officials at the General Officer and SES-levels.
PMP Certification.

Direct: 703-653-0218
karthik@param-solutions.com
https://recruiting-as-a-service.param…

https://param-solutions.com/careers

information assurance engineer maryland Aberdeen

April 16, 2019 by Leave a Comment

check me out on:
https://securitycompliance.thinkific.com

the Job:
Job Title: Information Assurance Engineer
Location: Aberdeen, MD
Position Type: Full Time

Clearance: Minimum Interim Secret

Must Have IAT Level 3 Certification.

Job Description:
Provides security engineering designs and implementation in all aspects of Information Assurance and Information Security (InfoSec) Engineering.
Assesses and mitigates system security threats/risks throughout the program life cycle; validates system security requirements definition and analysis; establishes system security designs; implements security designs in hardware, software, data, and procedures;
verifies security requirements; performs system certification and accreditation planning and testing and liaison activities, and supports secure systems operations and maintenance.
Mandatory Skills:
Demonstrated experience performing IA activities in support of software and system requirements, design, development, testing and sustainment
Experience with employment of IA requirements, policies, and processes to include authorization and accreditation as part of the RMF process
Experience with risk and vulnerability assessments and mitigation
Demonstrated ability to provide guidance on Intelligence Community (IC) Cyber/IA regulations and requirements to senior customers, senior LM leaders, and the program engineering staff
Experience with Security Information and Event Management (SIEM) correlation tools, Scanning (Nessus), and Host Based
Security System (HBSS)
Please provide the following information
Rate Expectation:
Full Name:
Contact No:
Alternate contact (if any):
Email address:
Current Location:
Relocation:
Availability:
Visa status

Kindly share your detailed resume at zoeyw@etalentnetwork.com

If you are qualified and interested in making a change or know of a friend who might have the required qualifications, please call me ASAP at (877) 733-3555 Ext.267, even if we have spoken recently about a different position. If you do respond via e-mail please include a daytime phone number so I can reach you. In considering candidates, time is of the essence, so please respond ASAP. Thank you.

Sincerely yours,
ZoeyWest
E TalentNetwork

Home

8251 Greensboro Drive, Suite 250
McLeanVA
zoeyw@etalentnetwork.com
(877) 733-3555 Ext.267

dodd 8140 cyberspace workforce management

January 11, 2016 by Bruce Brown Leave a Comment

What is the DoD Directive 8140?
DoD 8140, Cyberspace workforce will supersede DoD 8570 as the guide for selecting the personnel with the correct certifications, skills and experience.

Where is the DoDD 8140.01, Cyberworkforce going?
8140 manual may mirror an ongoing initiative that has a lot more categories. Those high level categories would be under a National Initiative for Cybersecurity Education (NICE) framework:

Security Provision, Maintain and Operate, Protect & Defend, Analyze, operate & collect, Oversight & Development and Investigate.

These categories are broken down further into a sum total of 31 tasks. It was supposed to be released in 2013, but there is actually no telling when it will come out.

http://diarmfs.com
niccs.us-cert.gov

DoDD Cyberspace Workforce Management 11 Aug 2015

September 23, 2015 by Bruce Brown Leave a Comment

The Department of Defense finally released the Directive for Cyberspace workforce management on 11 Aug 2015. This means that the DODI (instruction) is not far behind. The instruction will be more in the weeds. It is where the “magic happens”. Directives are very high level policy that gives instructions their power to exist.

Cyberspace Workforce Management – http://www.dtic.mil/whs/directives/corres/pdf/814001_2015_dodd.pdf

The Cyberspace Workforce Management directive does the following:

Reissues and renumbers DoD Directive (DoDD) 8570.01 (Reference (a)) to update and expand established policies and assigned responsibilities for managing the DoD cyberspace workforce.
Authorizes establishment of a DoD cyberspace workforce management council to ensure that the requirements of this directive are met.
Unifies the overall cyberspace workforce and establishes specific workforce elements (cyberspace effects, cybersecurity, and cyberspace information technology (IT)) to align, manage and standardize cyberspace work roles, baseline qualifications, and training requirements.

Cyberspace Workforce Applies to:

Office of the Secretary of Defense (OSD)
Military Departments (Army, Navy, Air Force, Marines)
Office of the Chairman of the Joint Chiefs of Staff (CJCS) and the Joint Staff
Combatant Commands
Office of the Inspector General of the Department of Defense (IG DoD)
Defense Agencies
Field Activities
DoD Components

It is DoD policy does the following:

Maintains a total force management perspective to provide qualified cyberspace government civilian and military personnel to identified and authorized positions, augmented where appropriate by contracted services support. These personnel function as an integrated workforce with complementary skill sets to provide an agile, flexible response to DoD requirements.
[Make sure] the appropriate mix of military and government civilian positions and contracted support designated to perform cyberspace work roles is determined in accordance with DoD Instruction (DoDI) 1100.22 (Reference (b))
Civilian, military, and contracted support personnel assigned to perform cyberspace work roles must meet qualification standards established in supporting issuances, in addition to other existing workforce qualification and training requirements assigned to billets and position requirements (e.g., acquisition, intelligence, communications).
DoD Component compliance with this directive is monitored via authoritative manpower and personnel systems as an element of mission readiness and as a management review item.
Nothing in this directive replaces or infringes the responsibilities, functions, or authorities of the DoD Component heads or other OSD officials as prescribed by law or Executive order, assigned in chartering DoDDs, or detailed in other DoD policy issuances or, as applicable, in Director of National Intelligence policy issuances.
All authorized users of DoD IT receive initial cybersecurity and information assurance awareness orientation as a condition of access, and thereafter must complete annual cybersecurity and information assurance refresher awareness.

8570_to_8140_01_2015_dodd

Nothing on DoD 8140

April 1, 2015 by Bruce Brown Leave a Comment

In typical government fashion, an important change was mentioned years ago and nothing has come of it. DoD 8570 was supposed to be replaced by DoDD 8140 but it still has not been done yet. The USAF just released Air Force Manual 33-285, CyberSecurity Workforce Improvement Program, 20 March 2015 and it is based on 8570 and not DoDD 8140. Why? Because 8140 does not exist. Is it in draft? Is it ever going to exist? Someone out there knows.

If it is not going to be created, then why are so many official sites, documents and policies in the government still mentioning it?

“The DoDD 8140 (DoDD 8570.1 replacement) is in staffing (administrative and format correction by the DoD then legal review then for signature by the SecDef or DepSecDef. Tentative completion and release date 1st Qtr. FY 15 . The workforce manuals will stem from the signed DoDD 8140” – US Army CIO/G6 Cyber Security Directorate

“DoD Directive 8570.1 provides the basis for an enterprise-wide solution to train, certify, and manage the DoD Information Assurance (IA) workforce.
– Will be replaced by DoD Directive 8140, Cyberspace
Workforce Management in 2-4 months.” – IA Workforce Improvement Program Update (USAF) med.navy.mil

“Ensuring initial IA orientation and annual awareness training are available to all authorized users to ensure they know, understand, and can apply the IA requirements of their system(s) in accordance with reference (d) and will eventually be updated with the publishing of the Department of Defense Directive (DoDD) 8140 in May 2014.” – US Marine Corps Enterprise Cyber Security Directive – CyberSecurity Workforce Improvement Program

“Lack of Standard DoD CS/ITWF-Related Procedures. DON CIO personnel informed us that the Navy did not comprehensively define the overall CS/ITWF or develop a CS/ITWF personnel database because they were waiting for DoD to issue its guidance. We were told that DoD was drafting Directive 8140.aa, “Cyberspace Workforce Management,” reissuing and renumbering DoD Directive 8570.01, “Information Assurance Training, Certification, and Workforce Management,” updating and expanding policies, and assigning responsibilities for managing the DoD workforce performing cyberspace functions” – Cyberspace/Information
Technology Skill Sets for Active Duty Military Personnel at Selected Navy Commands, 19 May 2014

dod 8570 chart

January 21, 2014 by Bruce Brown 3 Comments

The dod 8570 chart is designed to provide guidance for government agencies (mainly in defense) to categorize and identify certification of personnel conducting Information Assurance (IA) functions.

Defense Information Assurance workforce is broken up into category, specialty, level, and function to for better protection of confidentiality, integrity and availability of DoD information, information systems, and networks.

Information Assurance Profiles DoD 8570:

IA Management Level I	IAM Level I personnel are responsible for the implementation and operation of an Information System (IS) within their CE. Personnel ensure that IA related IS are functional and secure within the CE.
IA Management Level II	IAM Level II personnel are responsible for the IA program of an IS within the NE. Personnel in these positions perform a variety of security related tasks, including the development and implementation of system information security standards and procedures. They ensure that IS are functional and secure within the NE.
IA Management Level III	IAM Level III personnel are responsible for ensuring that all enclave IS are functional and secure. They determine the enclaves’ long term IA systems needs and acquisition requirements to accomplish operational objectives. They also develop and implement information security standards and procedures through the certification and accreditation process.
IA Technical Level I	IAT Level I personnel make the CE less vulnerable by correcting flaws and implementing IAT controls in the hardware or software installed within their operational systems.
IA Technical Level II	IAT Level II personnel provide network environment (NE) and advanced level CE support. They pay special attention to intrusion detection, finding and fixing unprotected vulnerabilities, and ensuring that remote access points are well secured. These positions focus on threats and vulnerabilities and improve the security of systems. IAT Level II personnel have mastery of the functions of the IAT Level I position.
IA Technical Level III	PIAT Level III personnel focus on the enclave environment and support, monitor, test, and troubleshoot hardware and software IA problems pertaining to the CE, NE, and enclave environments. IAT Level III personnel have mastery of the functions of both the IAT Level I and Level II positions.
CND-SP Analyst (CND-A)	CND-A personnel use data collected from a variety of CND tools (including intrusion detection system alerts, firewall and network traffic logs, and host system logs) to analyze events that occur with their environment.
CND-SP Infrastructure Support (CND-IS)	CND-IS personnel test, implement, deploy, maintain, and administer the infrastructure systems which are required to effectively manage the CND-SP network and resources. This may include, but is not limited to routers, firewalls, intrusion detection/prevention systems, and other CND tools as deployed within the NE or enclave.
CND-SP Incident Responder (CND-IR)	CND-IR personnel investigate and analyze all response activities related to cyber incidents within the NE or Enclave. These tasks include, but are not limited to: creating and maintaining incident tracking information; planning, coordinating, and directing recovery activities; and incident analysis tasks, including examining all available information and supporting evidence or artifacts related to an incident or event.
CND-SP Auditor (CND-AU)	CND-AU personnel perform assessments of systems and networks within the NE or enclave and identify where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. CND-AUs achieve this through passive evaluations (compliance audits) and active evaluations (penetration tests and/or vulnerability assessments).
CND-SP Manager (CND-SPM)	CND-SPMs oversee the CND-SP operations within their organization. CND-SPMs are responsible for producing guidance for their NE or enclave, assisting with risk assessments and risk management for organizations within their NE or enclave, and are responsible for managing the technical classifications within their organization.
IASAE I	Applies knowledge of IA policy, procedures, and structure to design, develop, and implement CE system(s), system components, or system architectures.
IASAE II	Applies knowledge of IA policy, procedures, and workforce structure to design, develop, and implement a secure NE.
IASAE III	Responsible for the design, development, implementation, and/or integration of a DoD IA architecture, system or system component for use within CE, NE, and enclave environments
General User	A user who is granted use of Government Information Systems (IS) and access to Government networks. This is not an IA position.
Power User	Personnel with limited administrative privileges to their PC only. This is not an IA position.

DoD 8570 Chart is being replaced soon with DoDD 8140, Cyberspace workforce which will have 7 high level categories under a National Initiative for Cybersecurity Education framework:

Security Provision, Maintain and Operate, Protect & Defend, Analyze, operate & collect, Oversight & Development and Investigate.

These categories are broken down further into a sum total of 31 tasks. It was supposed to be released in 2013, but there is actually no telling when it will come out.