Delegated Authorizing Official Representative, Level 2

About This Role

This role supports cybersecurity risk management efforts for enterprise systems, ensuring secure integration of legacy and new systems, preparing risk documentation, and collaborating with stakeholders to meet security and compliance requirements for mission-critical systems.

Responsibilities

• Perform security planning, assessment, risk analysis, risk management, and documentation
• Conduct risk assessments to support integration of legacy systems into the current IT environment
• Review and analyze security controls embedded in systems destined for operational environments
• Identify overall security requirements to protect data and ensure appropriate information security controls are implemented
• Prepare and review security authorization documentation, including risk assessments, authorization recommendations, and Plans of Action and Milestones (POA&Ms)
• Ensure that cybersecurity requirements are addressed in system development, configuration management, and risk processes
• Contribute to the development of security architecture and integration of cybersecurity into RDT&E and operational systems
• Support the configuration management process to ensure appropriate security measures are incorporated into system updates
• Work with customers, IT staff, and executive stakeholders to define and achieve security and compliance objectives
• Contribute to system acquisition planning with cybersecurity built-in from the start

Requirements

• Knowledge and practical experience in cybersecurity risk assessment, risk analysis, and risk management processes
• Understanding of cybersecurity controls, infrastructure protection, and defensive IT strategies
• Familiarity with system security engineering principles and documentation practices
• Ability to analyze security architectures and assess system security controls in complex environments
• Strong interpersonal skills with experience interacting with technical teams, system owners, and senior leadership
• Proficient in preparing and reviewing documentation for system security authorization processes
• Experience in integrating cybersecurity into configuration and change management processes
• Working knowledge of Defense-in-depth concepts
• Working knowledge of Engineering lifecycle and system security design
• Working knowledge of Information assurance principles (confidentiality, integrity, availability, non-repudiation, access control)
• Working knowledge of Controlled interfaces, cross-domain solutions, and authentication/authorization methods
• Working knowledge of Risk management frameworks including ICD 503 (formerly DCID/NISCAP)
• Working knowledge of Incident handling, auditing, and intrusion detection methods

Qualifications

• Bachelor's degree in Computer Science, Information Technology, Engineering, or related technical discipline from an accredited college or university
• Minimum of four (4) years of relevant experience as an IT Risk Assessor, System

Certifications