-
Summary
THE OPPORTUNITY The Delegated Authorizing Official Representative (DAOR) supports the organization's Cybersecurity and risk management activities by identifying security requirements, evaluating security controls, and ensuring that systems meet federal information assurance standards. This role works directly with technical teams, stakeholders, and executive leadership to guide secure system development, legacy system integration, and authorization activities across the enterprise. WHAT YOU'LL BE DOING – Assist in identifying security requirements and ensuring appropriate information security controls are implemented to protect organizational data.
– Conduct and analyze security risk assessments, risk analyses, and risk management processes for systems and network operations.
– Support the execution of security control assessments and Cybersecurity awareness activities.
– Ensure Cybersecurity requirements and controls are incorporated into the configuration management process.
– Collaborate with customers, IT personnel, and senior corporate leaders to define and achieve Cybersecurity and risk management objectives.
– Contribute to the development and enhancement of security architecture.
– Assist in integrating legacy systems into modern architectures while ensuring proper security posture.
– Support the acquisition, RDT&E, and system deployment lifecycle by embedding Cybersecurity controls into operational system designs.
– Prepare comprehensive security authorization documentation in accordance with organizational and federal standards. Core Capabilities (Skill Level 3)
– Analyze Cybersecurity controls within systems designated for operational deployment.
– Prepare risk assessments, Plans of Action and Milestones (POA&Ms), authorization recommendations, and all required authorization documentation.
– Identify and support enterprise-wide security requirements to ensure compliance with security policies, controls, and processes.
– Ensure Cybersecurity considerations are included throughout development and risk management lifecycles, with an emphasis on infrastructure protection and defensive IT strategies.
– Facilitate collaboration among customers, IT staff, and senior leadership to achieve organizational risk management goals.
– Support secure integration of legacy systems into current IT environments. WHAT YOU'LL BRING – Active TS/SCI with Full Scope Polygraph (FS Poly) (no exceptions/no sponsorship)
– Eight (8) years of experience as an IT Risk Assessor, System Security Engineer, Information Systems Security Manager, or Delegated Authorizing Official within programs of similar scope, type, and complexity.
– Bachelor's degree in Computer Science, IT Engineering, or a related field.
– In lieu of a degree, an additional four (4) years of experience may be substituted, totaling twelve (12) years. Demonstrated working knowledge of:
– System security design processes
– Defense-in-depth and defense-in-breadth strategies
– Engineering lifecycle principles
– Information domains and cross-domain solutions
– Controlled interfaces
– Identification, authentication, and authorization
– Systems integration
– ICD 503 (formerly NISCAP)
– Risk management frameworks
– Intrusion detection and incident handling
– Contingency planning
– Configuration management and change control
– Auditing processes
– Security authorization processes
– Core Cybersecurity principles (confidentiality, integrity, availability, non repudiation, access control)
– Security testing methodologies
– Position is designated as a DoD 8570.01 Cybersecurity Workforce (CSWF) billet.
– IAM Level III certification is required, as specified by the TIO COR. -
Job Description
THE OPPORTUNITY The Delegated Authorizing Official Representative (DAOR) supports the organization's Cybersecurity and risk management activities by identifying security requirements, evaluating security controls, and ensuring that systems meet federal information assurance standards. This role works directly with technical teams, stakeholders, and executive leadership to guide secure system development, legacy system integration, and authorization activities across the enterprise. WHAT YOU'LL BE DOING – Assist in identifying security requirements and ensuring appropriate information security controls are implemented to protect organizational data.
– Conduct and analyze security risk assessments, risk analyses, and risk management processes for systems and network operations.
– Support the execution of security control assessments and Cybersecurity awareness activities.
– Ensure Cybersecurity requirements and controls are incorporated into the configuration management process.
– Collaborate with customers, IT personnel, and senior corporate leaders to define and achieve Cybersecurity and risk management objectives.
– Contribute to the development and enhancement of security architecture.
– Assist in integrating legacy systems into modern architectures while ensuring proper security posture.
– Support the acquisition, RDT&E, and system deployment lifecycle by embedding Cybersecurity controls into operational system designs.
– Prepare comprehensive security authorization documentation in accordance with organizational and federal standards. Core Capabilities (Skill Level 3)
– Analyze Cybersecurity controls within systems designated for operational deployment.
– Prepare risk assessments, Plans of Action and Milestones (POA&Ms), authorization recommendations, and all required authorization documentation.
– Identify and support enterprise-wide security requirements to ensure compliance with security policies, controls, and processes.
– Ensure Cybersecurity considerations are included throughout development and risk management lifecycles, with an emphasis on infrastructure protection and defensive IT strategies.
– Facilitate collaboration among customers, IT staff, and senior leadership to achieve organizational risk management goals.
– Support secure integration of legacy systems into current IT environments. WHAT YOU'LL BRING – Active TS/SCI with Full Scope Polygraph (FS Poly) (no exceptions/no sponsorship)
– Eight (8) years of experience as an IT Risk Assessor, System Security Engineer, Information Systems Security Manager, or Delegated Authorizing Official within programs of similar scope, type, and complexity.
– Bachelor's degree in Computer Science, IT Engineering, or a related field.
– In lieu of a degree, an additional four (4) years of experience may be substituted, totaling twelve (12) years. Demonstrated working knowledge of:
– System security design processes
– Defense-in-depth and defense-in-breadth strategies
– Engineering lifecycle principles
– Information domains and cross-domain solutions
– Controlled interfaces
– Identification, authentication, and authorization
– Systems integration
– ICD 503 (formerly NISCAP)
– Risk management frameworks
– Intrusion detection and incident handling
– Contingency planning
– Configuration management and change control
– Auditing processes
– Security authorization processes
– Core Cybersecurity principles (confidentiality, integrity, availability, non repudiation, access control)
– Security testing methodologies
– Position is designated as a DoD 8570.01 Cybersecurity Workforce (CSWF) billet.
– IAM Level III certification is required, as specified by the TIO COR. -
ABOUT THE COMPANY
-
-
Government Careers
Show moreGovernment jobs offer stability, competitive benefits, and the chance to make a meaningful impact on your community and country.
Whether you’re starting your career or seeking new opportunities, these roles provide pathways for growth, security, and service.
Explore positions across a wide range of fields and take the first step toward a rewarding future in public service.
-