UMCS Program Protection/Information Risk Analyst
CRL Technologies - Lexington Park, MD
Job Description

***Security Clearance Required: Secret Clearance***

To be considered for an interview, please make sure your application is fully in line with the job specs as found below.

Primary Responsibilities:
This position will provide cyber-security expertise support to the Naval Air Warfare Center (NAWC) AIRWorks UMCS project. Primary responsibilities include supporting the UMCS Program Office cyber lead with analysis, guidance, and recommendations on managing UMCS vulnerabilities, conducting system risk assessments, and developing system security plans in accordance with NIST 800-53 and DoD/DON Risk Management Framework (RMF) policies and standards.

Primary tasks include:
Support of Program Office Information Systems Security Manager (ISSM), System Security Engineer, FSCAL, Team Leads to ensure secure system design, integration, and deployment.
Support integration of cyber-security throughout the Software Development Life Cycle (SDLC), providing leadership on secure design, vulnerability remediation, and incident response planning.
Coordinate with system vendors and development teams in the development, review, and validation of Authority to Operate (ATO), Interim Authority to Test (IATT), Memorandum for the Record (MFR), and cyber authorization packages, ensuring compliance across security environments.
Lead efforts in the development, tailoring, and enforcement of cyber-security policies, procedures, and Security Technical Implementation Guides (STIGs).
Advise on cloud Authorization and Accreditation (A&A), including Amazon GovCloud, and oversee shared control assessments and compliance activities.

Tasks Performed:
Demonstrated Knowledge:
Lead validation and risk assessment activities as a Navy Qualified Validator (or equivalent) across UMCS systems and networks.
Author and oversee implementation of System Security Plans (SSP), Security Assessment Reports (SAR), Contingency Plans, and Incident Response Plans.
Support audit preparation and response, including developing artifacts, leading remediation, and ensuring audit success.
Manage security scans and audits using ACAS, STIG tools, and eMASS; interpret results and drive corrective actions with technical teams.
Track and report on overarching cyber-security metrics, including vulnerability management status, POA&M progress, authorization timelines, and compliance milestones using Power BI or equivalent tools.
Manage senior-level cyber-security meetings, briefings, and decision-making sessions, providing leadership with data-driven insights, metrics, and risk recommendations.
Coordinate cross-organizational efforts to meet OPORD, TASKORD, and POA&M compliance, ensuring vulnerabilities are tracked, mitigated, and closed within mandated timelines.
Participate in enterprise-wide cyber-security initiatives, including cloud security, cross-domain solutions, and A&A migrations.
Provide mentorship and training to cyber staff and project/program team members on RMF, eMASS, and cyber-security best practices.

Education/Experience:
Security+ and/or ISACA CISM certification.
Enterprise Mission Assurance Support Service (eMASS) experience.
Security Technical Implementation Guide (STIG) implementation/support experience.
JIRA knowledge.
SENIOR: A Senior level person within a labor category has over 10 years of experience related to the functional duties for that labor category and a MA/MS degree.

Allowable Education/Experience Substitutions:
Bachelor's Degree plus four (4) years of additional relevant work experience may be substituted for a master's degree.

Desired Experience:
Navy Qualified Validator (or comparable senior certification) strongly preferred.
Familiarity with cloud environments, particularly Amazon GovCloud, and associated compliance frameworks.
Experience with unmanned aerial system mission control systems is desired.
Demonstrated experience supporting cyber-security within complex, multi-stakeholder DoD programs.
Expert knowledge of NIST 800-53, DODI 8510, and SECNAV M-5239.3.
Strong leadership, mentorship, and stakeholder communication skills, with the ability to brief senior leadership and guide program-level decisions.

Security Clearance Required: Secret Clearance.
Estimated Travel: 15%
Location: On-site Lexington Park, MD. Remote Potential.

CRL Technologies is an Equal Employment Opportunity (EEO) employer and welcomes all qualified applicants. Applicants will receive fair and impartial consideration without regard to race, sexual orientation, color, religion, national origin, age, disability, veteran status, genetic data, or other legally protected status.
Created: 2025-07-19