Risk Management Analyst

About us: 

Gen3 Technology Consulting is an SBA-certified Woman-Owned Small Business (WOSB) providing a diverse set of technology services and solutions to federal and commercial clients. Founded in 2017, Gen3 leverages over 25 years of information technology management and leadership experience to help our clients define, plan, manage, and achieve their strategic vision while protecting their critical IT assets. We attract and retain the highest caliber of talent by supporting an inclusive work environment, cultivating growth and leadership both professionally and personally, and encouraging work-life balance. We strive to make it our priority to be compassionate, family-friendly, respectful, and flexible.   

Gen3’s Joint Ventures, Pivotal Impact (JV with Caldwich) and VetCentric (JV with PingWind) expand our team’s knowledge and expertise as we pool resources to bring federal agencies strong technical, program management, and cyber security solutions, derived by a disciplined management consulting approach. Please note that the position is subject to award.

About the role:

The Risk Management Analyst will provide recommendations, create documentation, and revise documentation and guidance for standards and policies. The Risk Management Analyst will also perform cybersecurity strategy and policy analysis, provide recommendations for documentation and implementation enhancements, and analyze the development of Cybersecurity and continuous monitoring strategy and policy documents and processes to support the client, with a primary focus on the orchestration of vulnerability management practices in all stages of system and application security,  ensuring vulnerability remediation activities align with enterprise Risk Management strategy.

Location: Remote Lanham, MD, U.S. 

What you'll do: 

• Work with ISSOs to verify and manage system vulnerability reports, triage new vulnerabilities, and monitor remediation progress to completion.
• Identify and assess the current ISSM operating environment.
• Conduct gap analysis for ISSM processes, procedures, and best practices.
• Provide recommended framework solution(s) for ISSM review and adoption.
• Develop and implement the adopted framework.
• Conduct periodic reviews and update the framework as required.
• Provide documentation, timelines, and status reports on progress.
• Develop required documentation for ISSM guidance and usage including, but not limited to, Standard Operating Procedures (SOPs), training guides, and memos to support the framework.
• Review current ISSM vulnerability remediation and compliance processes and identify process areas where automated solutions may be utilized to consolidate vulnerability and compliance data into a single reporting system.
• Present automated solution option(s) for ISSM review and adoption.
• Develop and implement the accepted automated solution(s).
• Create, revise, and update Information Technology Standards and Policies.
• Perform business analysis on cybersecurity programs.
• Maintain cyber policies, regulations, and compliance documents.
• Perform strategic planning that improves Vulnerability Management (VM) programs within large/complex environments.
• Identify how security controls are implemented and use knowledge to shape standards.
• Lead and engage a team of teams (internal/client) with the ability to forge relationships across multiple stakeholder groups to mature Vulnerability Management.

What you'll need:

• Bachelor’s degree in cybersecurity, IT, or Engineering and 3-5 years of relevant experience with Cybersecurity, Risk Management, or risk assessment for complex systems. Or an HS diploma or GED and 18+ years of relevant experience. 
• 5+ years of experience creating, revising, and updating Information Technology standards and policies.
• Knowledge of the RMF process.
• Strong written and oral communication skills, proactive with customer satisfaction as the primary goal.

What's desired to have:

• Knowledge of NIST Standards and System Development Life Cycle (SDLC) and Capability Maturity Model Integration (CMMI) methodologies.
• Experience with maintaining a secure Cyber environment through configuration management, administration, and response actions.
• Experience with engineering, implementing, and monitoring security measures for the protection of systems, networks, and information.
• Experience with Microsoft Teams, Microsoft Visio, and Microsoft Office.
• Experience as a Systems Certifier.
• Experience with NIST security controls, governance, Risk Management, and compliance
• Ability to be innovative in providing solutions and quickly learn new technologies and tools.
• Possess a technical background in guiding policymakers and interpreting existing policy in accordance with Federal objectives.
• Public Trust clearance.
• CISSP certification.

What's in it for you (full-time Gen3 employees):

• Competitive compensation.
• Comprehensive health, vision, and dental benefits.
• 3 weeks of PTO per year accruing from day one with a PTO exchange program.
• 11 days of paid Federal Holidays.
• $3k annual tuition reimbursement.
• 401(k) with a matching plan.
• Pet insurance.
• Life and AD&D insurance.
• Short-term and Long-term disability insurance.

Employment eligibility: Eligible to work for any employer in the United States without requiring sponsorship. Most of our positions require a government security clearance, you must be a US Citizen or Green Card holder for consideration. Certain positions require at least three (3) of the past five (5) years of residence in the United States.

Other requirements:

• A minimum of three (3) out of the past five (5) years of residency in the United States is mandatory.
• Candidates must possess either an active green card or citizenship.
• Prospective employees offered a position must have work authorization that does not necessitate employer-sponsored visa sponsorship, both presently and in the future.
• Those selected for this role may undergo a government security investigation and must meet the eligibility criteria for accessing classified information or be eligible for security clearances.

Veteran and HUBZone friendly employer.

E-Verify employer.EOE Statement: Females, minorities, protected veterans, and individuals with disabilities. Gen3 is committed to fostering and empowering an inclusive community within our company. We do not discriminate on the basis of race, religion, color, gender expression or identity, sexual orientation, national origin, citizenship, age, marital status, veteran status, disability status, or any other characteristic protected by law.

Accommodation: Please contact the recruiting team at recruiting@gen3technology.com if you would like to request a reasonable accommodation during the application or interviewing process.

Powered by JazzHR

covBfDIh9I