Clinger Cohen Act (CCA) / Cybersecurity Compliance Specialist

Sabre Systems is hing for a Clinger Cohen Act (CCA) / Cybersecurity Compliance Specialist to support one of our customers located at Patuxent River Naval Air Station in Lexington Park, MD. The Senior CCA and Cybersecurity Compliance Specialist will provide expert-level guidance and support to ensure documentation of compliance with the Clinger-Cohen Act (CCA) and Department of Defense (DoD) Cybersecurity Strategy requirements for NAVAIR programs and systems. This role involves working closely with Program Managers, system owners, cybersecurity teams, and procurement personnel to ensure that the record of IT investment decisions intended to align with mission objectives, deliver value, meet all statutory and regulatory requirements established under U.S.C. 40 Subsection III (Clinger Cohen Act [CCA]). The specialist will also play a critical role in developing, reviewing, and implementing cybersecurity strategies compliant with U.S.C. 10 Section 2223 and U.S.C.44 Section 3502 (Federal Information Assurance Management Act [FISMA]) to protect NAVAIR's mission-critical and mission essential, systems and data. These requirements apply to major acquisition and defense business systems, IT services and minor IT procurements (hardware, software, firmware).

Key Responsibilities

Clinger-Cohen Act (CCA) Compliance

1. IT Investment Oversight

• Assist PMOs with ensuring all IT investments comply with the Clinger-Cohen Act by aligning with NAVAIR's strategic goals and DoD IT governance frameworks.
• Conduct reviews of IT acquisition strategies, business cases, and program documentation to ensure compliance with statutory and regulatory requirements.
• Compliance may be documented with evidence aligning with the 11 elements of the Clinger Cohen Act
• Alternatively, when the procurement is not part of a program subject to a milestone decision, compliance may be established by documenting compliance to the Raines' Rules, named after former OMB Director Raines. Originally published in OMB Circular A-11. Also known as the 3 Pesky Questions.

1. Stakeholder Engagement
• Collaborate with program managers, acquisition teams, and other stakeholders to ensure proper documentation of how IT investments met or plans to invest in IT meet mission needs and comply with CCA requirements.
• Provide training and guidance on CCA compliance to program teams and leadership.

Cybersecurity Strategy Compliance

1. Cybersecurity Policy and Strategy Development
• Ensure PEO/PMA, system owners' development and implementation of cybersecurity strategies align with DoD and NAVAIR policies, including National Institute of Standards and Technology (NIST), DON Risk Management Framework (RMF), cyber resilience and survivability and Zero Trust Architecture principles.
• Conduct liaisons at both first echelon and second echelon to achieve approvals from cognizant authorities
• Ensure cybersecurity strategies (documents) address emerging threats, vulnerabilities, and mission-critical requirements to achieve formal approval by cognizant authority as document in SECNAV 5000,2G and Department of War Acquisition University (DAU) Adaptive Acquisition Framework Document Identification (AAFDID)
2. Collaboration and Coordination
• Dependent upon the level of investment, cognizance ranges from the DoW Chief Information Officer (DoW CIO), Department of the Navy (DON) Chief Information Officer (DON CIO) to the Command Information Officer. Applicable to Acquisition Category (ACAT) programs, Business Acquisitin Category (BCAT) programs and Abbreviated Acquisition Programs (AAP) at all levels.
• Work closely with cybersecurity teams, system owners, and program managers to integrate cybersecurity requirements into system development and acquisition processes.
• Serve as a liaison between NAVAIR and external entities, including DoD, Navy, and industry partners, on cybersecurity compliance matters.

Required Qualifications

Education:

• Bachelor's degree in Information Technology, Cybersecurity, Computer Science, Engineering, or a related field.
• Master's degree preferred.

Experience:

• Minimum of 10 years of experience in IT governance, cybersecurity, or related fields, with at least 5 years supporting DoD programs.
• Demonstrated experience with Clinger-Cohen Act compliance, including IT investment management and Capital Planning and Investment Control (CPIC) processes.
• Proven expertise in developing and implementing cybersecurity strategies for large, complex organizations.
• Must be a U.S. Citizen

Clearance Requirement: ActiveDoD Secret Clearance is required. A DoD Top Secret Clearance is preferred.

Skills and Competencies:

• In-depth knowledge of the CCA, DoD IT governance frameworks, and related policies.
• Strong understanding of cybersecurity frameworks, including NIST RMF, NIST SP 800-53, NIST SP 800-59 and Zero Trust Architecture.
• Excellent analytical and problem-solving skills, with the ability to assess complex IT and cybersecurity challenges.
• Strong communication and interpersonal skills, with the ability to effectively engage with stakeholders at all levels.
• Proficiency in tools such as eMASS (Enterprise Mission Assurance Support Service), DoD IT Portfolio Repository (DITPR), and other DoD IT management systems.

Preferred Qualifications

• Experience supporting NAVAIR programs or other Navy/DoD Organizations.
• Familiarity with Navy IT systems, networks, and acquisition processes.
• Knowledge of emerging technologies, such as cloud computing, artificial intelligence, and edge computing, and their implications for cybersecurity and IT governance.

#LI-EN1

Sabre Systems, LLC, has been providing innovative technological solutions and services for Department of Defense, Federal Civilian, and commercial customers for more than 35 years. We support the ever-evolving areas of advanced communication technologies, cyber, systems and software engineering, and digital transformation.

With over three decades in business, Sabre Systems, LLC remains committed to our small business values and a people-first philosophy. We foster a welcoming, inclusive culture that values diverse perspectives and encourages open communication. Our collaborative environment supports continuous learning and professional growth at all levels. We prioritize the health, well-being, and success of our employees, offering comprehensive, evolving benefits designed to meet their diverse needs. Join us and be part of a thriving, people-driven culture.

We respect the unique perspectives that a diverse workforce of minorities, women, individuals with disabilities, and protected veterans brings not only to our company, but also to our customers. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy, gender identity and sexual orientation), national origin, age, disability or genetic information.

EEO Minorities/Females/Disability/Veterans; VEVRAA Federal Contractor

Beware of employment scams-Sabre Systems will never request payment, extend offers without an interview, or contact you from an email that doesn't end in @sabresystems.com; always apply directly at https://careers.sabresystems.com/.