Develop and maintain C&A security artifacts such as security plans, contingency plans, risk assessments, privacy impact assessments, incident response plans, configuration management plans, configurations checklists, and interconnection security agreements. These artifacts must meet all applicable FISMA, NIST, VA, and CDCO criteria, including obtaining management approval. This will involve researching information through documentation review, interview, and the use of automated tools such as the Configuration Management Database.

Continually monitor specific change orders for information that can be used to update documentation through the use of tools such as CA Unicenter.

Perform a risk assessment on an application according to NIST SP 800-30.

Assess security controls for annual FISMA self-assessment testing through interview, documentation review, analyzing scan results, and reviewing other audits/reviews for applicable findings,

Maintain a high-level of knowledge on related criteria and guidance such as FISMA, NIST Special Pubs, OMB Memorandum, Privacy Act, HIPAA, VA directives and handbooks, and local directives and handbooks.

Provide information assurance policy guidance to both internal and external customers.

Act as interface with customer to provide audit support for both internal and external audits and reviews.

Meet with task order Contracting Officer’s Technical Representative (COTR) and/or Project Manager on a bi-monthly basis to discuss status of work. Meet with Contracting Officer and PM on an as-needed basis to discuss problems and concerns, status of work, changes in assignments or other contract related issues.