Perform assessments of the networks to identify where those systems and networks deviate from acceptable configurations, enclave policy or local policy.
Perform passive evaluations such as compliance audits and active evaluations such as vulnerability assessments.
Establish strict program control processes to ensure mitigation of risks and support obtaining certification and accreditation of networks.
Implement the required government policies (i.e., NISPOM, NIST Publications, DoD Directives, and DHS/CBP Directives).
Interface with the Defense Counterintelligence and Security Agency (DCSA) technical representative, as well as the CBP Information System Security Officer (ISSO).
Make recommendations on process tailoring, participate in and document process activities.
Perform analyses to validate established security requirements and to recommend additional security requirements and safeguards.
Support the formal Security Test and Evaluation (ST&E) required by each government agency accrediting authority through pre-test preparations, participation in the tests, analysis of the results and preparation of required reports.
Document the results of Certification and Accreditation activities and technical or coordination activity.
Prepare the System Security Plans, as well as update the respective Plan of Actions and Milestones (POA&M).
Periodically conduct a complete review of each system's audits and monitor corrective actions until all actions are closed.
Provide advice on technical security related items to the Program Manager (PM), Deputy Program Manager (DPM) and/or the Facility Security Officer (FSO). Perform other duties as designated by the PM.
Develop, maintain, and oversee the system security program and policies.
Ensure compliance with current cyber security policies, concepts and measures.
Develop and implement an effective system security education, training, and awareness program.
Perform risk assessments, document results in a Risk Assessment Report, and keep the risk assessment current throughout the system life cycle.
Ensure audit records are collected and analyzed in accordance with the system security authorization package.