Technical Manager - DataLock Consulting Group

This is a remote position.

Job Description- Technical Manager

1. POSITION TITLE

Technical Manager

2. REPORTS TO

Managing Partner

3. DELEGATION OF DUTIES DURING ABSENCE

Managing Partner. To be determined prior to time of absence.

4. SUMMARY

The Technical Manager\Lead Security Assessor will conduct security control assessments of the security and privacy controls implemented by an information system to determine the overall effectiveness of the controls and the vulnerability state of components, applications and databases residing within the system boundary. Following the NIST Cybersecurity Framework, Risk Management Framework and using NIST 800-53A, verifies the security status of existing information systems with an Authority to Operate (ATO) by performing appropriate assessments on any new system developed or deployed by the customer, and conducts audits of security controls to ensure continuous monitoring of systems assigned. Assesses systems that have previously been assessed and received an ATO and systems that have not yet been assessed and do not have an ATO.

5. RESPONSIBILITES

• Assist in developing a Security Control Assessment (SCA) strategy for the organization; to include an overall assessment process flow or swim-lane diagram which documents the steps required to conduct assessment activities and interact with all necessary parties.
• Integrate SCA functions with overall continuous monitoring and Continuous Diagnostic and Mitigation (CDM).
• Serve as a technical manager and assigns tasks to the security assessment lead; develop associated schedules and resource plans to complete the assessments.
• Identify and document the appropriate security assessment level of effort and project management information to include tasks, reviews (including compliance reviews), resources, due dates, and milestones for the system being tested
• Develop, document and review System Rules of Engagement (ROE), Security Assessment Plans (SAPs) and Security Assessment Reports (SARs).
• Work closely with ISSOs (contractors and Government) and the technical team and ensure all appropriate A&A supporting documentation is provided prior to conducting the assessment.
• Review and provide feedback system boundaries, common controls, the security categorization of information systems, applicable security control baseline based on system categorization.
• Conduct Security Assessment Kickoff briefings and SAR briefings.
• Review cyber/system/network security body of evidence and documentation for accuracy and completeness.
• Conduct security controls assessment of applicable security controls and privacy controls; assess implemented security controls and provide assurance that they are operati