Job Description

Introduction
Information and Data are some of the most important organizational assets in todays businesses. As a Security Consultant, you will be a key advisor for IBMs clients, analyzing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the clients organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.

Your Role and Responsibilities

The Federal Service Sector consulting practice is a trusted advisor to federal, state and local governments, partnering to meet challenges and responding quickly to citizen demands, business needs, new economic conditions, and changing legislative priorities and policies.

In this exciting role, you will be responsible for security compliance of the solution.

* You will lead and assist in the implementation and maintenance of SA&A efforts, validation of system security controls, creating/maintaining security processes/procedures and maintaining continued security compliance for various customers.
* Requires you to interface with external customers, to understand contract requirements.
* You will be in charge of the Risk Management Framework (RMF) efforts and provide knowledge and services that support system compliance using DoD RMF.
* The IAO will also assist with and lead the efforts to implement and maintain SA&A efforts, validation of system security controls, creating/maintaining security processes/procedures, and effectively communicate all working initiatives with the team and client.
* You will interface with external customers, to understand contract requirements and define IA related requirements including the estimated level of effort (LOE) to complete taskings that meet the goals of the customer.
* You will also provide Information Assurance subject matter expertise and translate security requirements into technical designs/solutions.
* You would follow the NIST Risk Management Framework A&A process to achieve an Authority to Operate (ATO) and maintain security compliance for DoD customers (40%)
* Maintain Plan of Actions and Milestones for client systems. (20%)
* Ensure system security requirements are addressed during all phases of the system life cycle. (25%)
* Collaborate with the specific government and/or industry A&A authorities to ensure IA security compliance. (5%)
* Coordinate with the IT staff to ensure all IA related issues are addressed during the preliminary and follow-on engineering phases (10%)

Required Technical and Professional Expertise

* RMF or DIACAP A&A lifecycle 2-4 Years experience
* Conduct Information Assurance Control Assessment for DIACAP or NIST controls 2-4 Years Experience
* Vulnerability compliance and remediation reporting 2-4 Years Experience
* Maintain System Plan of Action and Milestones (POA&M) 2-4 Years experience
* Certified in industry recognized areas such as CISSP, CISA, or Security+
* Security clearance: United States DoD Secret

Preferred Technical and Professional Expertise

* NIST Risk Management Framework (RMF) 2-4 Years Experience
* FedRAMP Regulations 2 Year Experience
* Governance, Risk, & Compliance (GRC) Applications (e.g. Xacta, Archer, or eMASS) 2 Year Experience

US Citizenship