AddressAt phia we hire talented and passionate people who are focused on collaborative, meaningful work, providing technical and operational subject matter expertise and support services to our partners and clients.
phia is currently seeking a Cyber Risk Management Specialistto support a large Federal agency in developing and implementing enterprise-wide cybersecurity policies, processes and procedures related to managing Cyber Risks. While this opportunity is contingent upon a contract award, we welcome the start of a conversation now! Hybrid flexibility within the DMV (DC/MD/VA) Metro area
What You'll Do
- Facilitate development and communication of agency-wide policies and guidance for implementation of emerging mandates and other government-wide initiatives related to cybersecurity Risk Management (e.g. Cybersecurity & Infrastructure Security Agency (CISA) directives and Office of Management and Budget (OMB) mandates).
- Develop and support processes for consolidating cybersecurity risk information and incorporating into the enterprise risk register.
- Update and maintain cybersecurity Risk Management strategy and guidance documentation (e.g. Cyber Risk strategy, continuous monitoring strategy, C-SCRM strategy, etc.).
- Develop and maintain processes to enable cybersecurity risk analysis from an agency-wide perspective. This includes but is not limited to IT hardware and software vulnerabilities, exceptions to egress network access and filtering policies, IT acquisitions and exceptions to required IT configuration management standards.
- Support development, maintenance and tracking of the enterprise Cyber Supply Chain Risk Management (C-SCRM) implementation plan.
- Develop and maintain Standard Operating Procedures (SOPs) and required supporting materials for C-SCRM program operations.
- Support development and management of agendas for monthly and ad-hoc working group meetings.
- Develop and maintain SOPs and required supporting materials for High Value Asset (HVA) program operations.
- Support HVA data collection and reporting processes (e.g. FISMA metrics, vulnerability remediation reports, etc.).
Education + Requirements
- 5 years of related professional experience, or
- Bachelor's degree + 1 year of related experience
- Excellent written and oral communication skills.
- Technical and operational understanding of cybersecurity vulnerabilities, threats, and mitigations.
- Experience with Cybersecurity Supply Chain Risk Management (C-SCRM) policies, processes, and assessment standards.
- Experience with integrating/tracking C-SCRM data in Governance, Risk and Compliance (GRC) tools (Xacta360 or similar).
Security Clearance
- U.S. citizenship
- Ability to achieve Public Trust or higher
Preferred Skills and Experience
- Experience with Xacta Cyber Risk Management tools (e.g. Xacta360).
- Experience working within U.S. Federal departments and agencies.
#LI-LC1
Who You Are
· A proactive problem solver that appreciates the challenges of working in a fast-paced, dynamic environment.
· Intellectually curious with a genuine desire to learn and advance your career.
· An effective communicator, both verbally and in writing.
· Customer service oriented and mission focused.
· Critical thinker with excellent problem-solving skills
If your experience and qualifications aren’t a match for this position, you will remain in our database for consideration for future opportunities that may be a better fit.
Who We Are
phia, LLC is a Northern Virginia-based, 8a certified small business established in 2011 with a focus in Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, and Information Assurance/Security. we proudly support various agencies and offices within the Department of Defense (DoD), Federal government, and private/commercial entities.
· phia values work-life balance and offers the following benefits to full-time employees:
· Comprehensive medical insurance to include dental and vision
· Short Term & Long-Term Disability
· 401k Retirement Savings Plan with Company Match
· Tuition and Professional Development Assistance
· Flex Spending Accounts (FSA)
phia does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity or any other reason prohibited by law in provision of employment opportunities and benefits.
