Cypress HCM
Job Description
Authorization Program Lead/Cybersecurity Specialist
We are seeking a highly motivated and experienced Cybersecurity Specialist or Authorization Program Lead to support our Department of Defense (DOD) and other government agency clients in their efforts to achieve an Authorization to Operate (ATO). The ideal candidate will have a strong background in the full lifecycle of the Risk Management Framework (RMF) and a deep understanding of the DOD and agency ATO process. This role will involve working with various stakeholders to ensure that systems and applications meet security requirements and are authorized for operation.
Responsibilities:
- RMF and ATO Management: Lead and support the full lifecycle of the Risk Management Framework (RMF) process, from system categorization to continuous monitoring. Manage and track all activities required to achieve an Agency Authorization to Operate (ATO) across multiple concurrent ATOs. Establish a repeatable and scalable process to be used for all DOD and Agency ATOs.
- Documentation and Artifacts: Develop, review, and maintain all required security documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), and Concept of Operations (CONOPS) plans.
- Security Control Assessments: Conduct comprehensive security control assessments and evaluations to ensure compliance with DOD and government security policies, including NIST SP 800-53, DISA STIGs, and other relevant directives.
- Collaboration: Work closely with system owners, developers, ISSOs, and other stakeholders to identify, document, and mitigate security vulnerabilities and risks.
- Vulnerability and Risk Management: Develop and manage Plans of Action and Milestones (POA&Ms) to track and remediate identified vulnerabilities. Provide expert guidance on risk mitigation strategies.
- Policy and Compliance: Interpret and apply federal and DOD cybersecurity policies and regulations, providing guidance to project teams to ensure compliance.
- Reporting and Briefings: Prepare and present status updates, reports, and security briefings to management and government clients.
- Continuous Monitoring: Support the continuous monitoring program by conducting regular security reviews, vulnerability scans, and audits to maintain the security posture of authorized systems.
Requirements:
Required Qualifications:
- Education: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field. Equivalent experience may be considered in lieu of a degree.
- Experience: 7+ years of experience in a cybersecurity role, specifically supporting DOD or other federal government Authorization to Operate (ATO) efforts.
- RMF Expertise: In-depth knowledge of the NIST Risk Management Framework (RMF) and its application in the DOD environment.
- Technical Knowledge: Familiarity with cybersecurity tools and technologies, including vulnerability scanners (e.g., ACAS/Nessus), GRC platforms (e.g., eMASS, Xacta), and security information and event management (SIEM) systems.
- Communication: Excellent written and verbal communication skills, with the ability to effectively communicate complex technical information to both technical and non-technical audiences.
- Attention to Detail: Strong organizational skills and meticulous attention to detail are crucial for managing complex documentation and compliance requirements.
Preferred Qualifications:
- Experience with specific DOD systems and processes (e.g., eMASS, RMF Knowledge Service, etc.).
- Experience with AI tools to streamline the ATO process.
- Experience with cloud security and supporting ATOs for cloud-based systems (e.g., FedRAMP, DOD Cloud SRG).
- Knowledge of specific government agency policies (e.g., FISMA, FedRAMP).
- Experience with a scripting language (e.g., Python, PowerShell) for automation tasks.
Compensation:
- Up to $79.31/hr. (W2)
Req# 517