Essential Functions:
As an Information Security Risk Specialist on our team, you'll use your experience to work with a government client to discover their cyber risks, understand applicable policies, and develop a mitigation plan. You'll review technical, environmental, and personnel details to assess the entire threat landscape. Then, you'll guide the Veterans Administration (VA) client through a plan of action with presentations, white papers, and milestones. You'll work with your client to translate security concepts, so they can make the best decisions to secure their mission critical systems and critical infrastructure. This is your opportunity to work on a team of Information Security specialists while broadening your skills in Risk Management Framework and NIST Security and Privacy controls. This position is open to remote delivery anywhere within the U.S., to include the District of Columbia.
Required Experience:
- Experience with NIST special publications and FIPS
- Experience with Information Security and assurance principles, including the NIST Cybersecurity Framework
- Experience with assisting and leading efforts involving presentations, whitepapers, and project milestones
- Experience with assessing NIST security and privacy controls and maintaining Plans of Action and Milestones (POA&Ms)
- Experience with Governance Risk Compliance (GRC) tools, including eMASS or RiskVision
- Experience with providing guidance for the NIST security and privacy controls and for providing sufficient documentation and artifacts for each control in the GRC tool
- Experience in reviewing security requirements, recommending a mitigation strategy for deficiencies, and working directly with clients to provide solutions and education
- Experience in performing annual security reviews in accordance with FISMA reporting
- Ability to obtain and maintain a Public Trust or Suitability/Fitness determination based on client requirements
- Bachelor's degree in CS, Engineering, or IT and 5+ years of experience with IT or 13+ years of experience with IT in lieu of a degree
Desired Experience:
- Experience with Privacy and Security control implementation, testing and assessment, and POAM management
- Experience with using data analytical tools
- Experience with the VA
- Ability to work flexibly in a very fast-paced environment
- Possession of excellent customer service and organization skills
- Possession of excellent verbal and written communication skills
- Public Trust
- CAP, CISSP, CISM, PMP, or CCSK Certification
EEO Minority/Disabled/Veteran/Female