Information Security Assurance Lead

Information Security Assurance Lead

The Information Security Assurance Lead serves as the senior technical and management authority for Information Assurance (IA) and cybersecurity compliance efforts. This role provides expert-level oversight across Assessment & Authorization (A&A), Risk Management Framework (RMF), FISMA compliance, FISCAM audits, and overall IT security posture. The Lead is responsible for supervising IA personnel, coordinating security activities with stakeholders, and ensuring systems maintain Authority to Operate (ATO) and Authority to Connect (ATC). This position requires deep technical acumen, leadership capabilities, and hands-on experience developing, maintaining, and governing enterprise-level security programs within Federal environments.

Key tasks and responsibilities include:

• Leadership
• Serve as the Team Lead, providing daily task direction, technical guidance, scheduling, and performance oversight for IA personnel.
• Maintain expertise in emerging cybersecurity technologies, policies, and federal compliance standards.
• Lead the planning, initiation, and execution of IT security projects, ensuring adherence to scope, deadlines, and cost targets.
• Act as liaison between technical teams, program leadership, auditors, and Government stakeholders.
• Provide advanced documentation development including installation guides, SOPs, troubleshooting procedures, vulnerability management reports, and configuration standards.
• Provide expert-level technical and management leadership on complex cybersecurity tasks and programs.
• Develop and implement security strategies supporting mission objectives and enterprise risk posture.
• Direct major activities related to financial management, staffing, and security compliance.
• Conduct strategic analysis, evaluations, and recommendations to improve system security, efficiency, and compliance.
• Lead studies, surveys, data analysis, and problem identification initiatives, providing actionable recommendations to the Government.
• Risk Management Framework (RMF)/Assessment & Authorization (A&A)
• Perform and manage all RMF steps to obtain and sustain ATO/ATC for systems in compliance with DoD and DIA requirements.
• Conduct periodic security assessments in accordance with DoD RMF, FISMA, and JWICS-related requirements.
• Develop and maintain all required RMF artifacts, including:
• Security Categorization
• System Security Plan (SSP)
• Control Validation/Implementation documentation
• Implementation Plan
• Plan of Action and Milestones (POA&M)
• Acceptance of Risk (AOR)
• Security Override Letter (SOL)
• RMF package and Scorecard
• Deliverables
• Standard Operating Procedures (SOPs)
• Incident Response Plan (IRP)
• Continuity of Operations Plan (COOP)
• Configuration Management Plan (CMP)
• Appointment memos
• DD2875s
• Current ATO, ATC, and ATO with Conditions
• Network diagrams and supporting technical documents
• eMASS Responsibilities
• Maintain system records in eMASS in accordance with DoD RMF and FISMA requirements.
• Ensure all required artifacts, test results, and compliance actions are accurately entered into eMASS.
• Coordinate with the CIO Validator for all RMF actions and approvals.
• Maintain and track the ATO Status Process Calendar, ensuring all action items meet required compliance dates.
• FISMA Compliance
• Perform annual control testing, evidence collection, and compliance analysis.
• Support internal and external FISMA reviews and assessments.
• FISCAM Audit Support
• Document and validate IT general controls applicable to the CCE infrastructure.
• Support FISCAM audits and self-assessments; test and record results of annual IT general controls testing.
• Update and enhance process documentation to address deficiencies identified during audits.
• Security Monitoring & Protection
• Plan, implement, upgrade, and monitor security controls to protect information systems and data.
• Ensure appropriate safeguards are in place to protect digital assets and infrastructure.
• Respond to security incidents, breaches, and vulnerabilities in accordance with approved procedures.
• Coordinate mitigation strategies for all non-compliance issues.
• Desired Skills and Experience
• Expertise in federal cybersecurity frameworks including RMF, FISMA, NIST 800-series, and FISCAM.
• Experience working with DoD, DIA, or IC security compliance programs.
• Strong leadership skills and experience managing technical cybersecurity teams.
• Excellent written and verbal communication skills for technical documentation and stakeholder engagement.
• Proficiency with eMASS, vulnerability management platforms, configuration management tools, and audit tracking systems.

Education & Experience:

• Minimum Education
• Bachelor's degree in a related field required.
• Minimum General Experience
• Ten (10) years of experience in Information Technology.
• At least eight (8) years of experience as a Security Administrator or in a similar technical role, or a closely related IT discipline involving oversight of large, complex, multi-site programs.

Certifications:

• CISSP or equivalent required
• Information Assurance Technical (IAT) II required
• Computing Environment (CE) certification relevant to Microsoft, Linux, Cloud, or other privileged access technologies (required)
• ITIL Required
• Must maintain all mandatory certifications.

Security Clearance:

• Must be a U.S. Citizen.
• Selective Service registration required (if applicable).
• Top Secret Security Clearance required
• Must maintain fitness and eligibility for national security positions.

Other (Travel, Work Environment, DoD 8570 Requirements, Administrative Notes, etc.):

• Onsite at customer location

Computer World Services is an affirmative action and equal employment opportunity employer. Current employees and/or qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, disability, protected veteran status, genetic information or any other characteristic protected by local, state, or federal laws, rules, or regulations. Computer World Services is committed to the full inclusion of all qualified individuals. As part of this commitment, Computer World Services will ensure that individuals with disabilities (IWD) are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact Human Resources.