Plan of Action and Milestone Analyst
JOB TITLE: POA&M Analyst
REPORTS TO: Program Manager
FLSA STATUS (EXEMPT/NON-EXEMPT): Exempt
PLACE OF PERFORMANCE: U.S. Department of Agriculture HQ, Washington, DC; Significant telecommuting authorized
SECURITY CLEARANCE REQUIREMENTS: Public Trust
SALARY RANGE: $95k-105k
JOB SUMMARY: Supports the USDA CISO Continuous Diagnostics and Mitigation (CDM) program through the management of Department Plan of Action and Milestones (POA&Ms).
ESSENTIAL DUTIES AND RESPONSIBILITIES
* Track and report remediation of DHS hygiene POA&Ms based on the Information Security Auditor (ISA) proposed plan for high-criticality vulnerabilities.
* Provide responses to DHS weekly hygiene reports as they pertain to POA&M activities.
* Work with the Department POA&M Program Lead, USDA agency CISOs and/or ISSPMs, and other OCIO ASOC staff to provide accurate, up-to-date POA&M information for the weekly DHS hygiene reports.
* Use analytical and deductive reasoning skills, including a thorough understanding of how to interpret customer business needs and translate them into application and operational requirements.
* Compose executive-level reports on weekly DHS hygiene reports on USDA agencies for Senior Leadership review.
* Provide Department POA&M Program Lead and Division Director with analysis and metric information pertaining to DHS hygiene POA&M statistics; present and report out on high criticality vulnerabilities to ensure information provided is accurate and timely.
* Perform POA&M oversight using the DOJ/USDA CSAM tool, engaging constantly with agencies while ensuring that all entries for high-criticality POA&M activities are accurate and complete (fill in all mandatory fields, report on impending due dates, past-due information, cost information, etc.).
* Review artifacts and other items in CSAM for POA&M closure.
Experience, Competencies and Education
College (4 year) degree and 3-5 years working in the information security field; detail-oriented; certifications preferred; must have solid experience in developing solutions that satisfy Federal, legal, and regulatory requirements (FISMA, GISRA, OMB and NIST guidance and regulations); must have strong technical skills and understand: information systems, network protocols, firewalls, IDS systems, vulnerability scan reports, etc.
Related experience may be substituted for education. Education and experience requirements will be determined jointly by OSS and the customer.
Language Skills
Ability to read, analyze, and interpret complex documents.
AMERICANS WITH DISABILITY SPECIFICATIONS
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the duties of this job, the employee is occasionally required to stand; walk; sit; use hands to finger, handle, or feel objects, tools or controls; reach with hands and arms; climb stairs; balance; stoop, kneel, crouch or crawl; talk or hear; taste or smell. The employee must occasionally lift and/or move up to 25 pounds. Specific vision abilities required by the job include close vision, distance vision, color vision, peripheral vision, depth perception, and the ability to adjust focus.
Work environment characteristics described here are representative of those that