Peraton · 3 days ago
Senior Cyber Risk Management Engineer
Responsibilities
(Primary role) Maintain Cybersecurity & IT risk identification, mitigation, and acceptance processes in coordination with security and IT operations. Works with business and functional areas to perform risk assessments and make appropriate risk treatment decisions.
(Primary role) Lead risk management meetings with stakeholders to identify risks, perform risk assessment intake, and track enterprise risk through its complete life cycle.
Provide audit support for DFARS 800-171, ISO 27001 and other audits as needed.
Plans and coordinates the operational activities to guarantee compliance with governmental regulations and ordinances. The role will also develop risk management strategies to avoid non-compliance findings.
Duties include but are not limited to ensuring that all policies and procedures are implemented and well documented, performing internal reviews, and identifying compliance problems that call for formal attention.
Assist in designing, deploying, and maintaining the IT general control framework that is consistent with NIST 800-171.
Maintenance and reporting of key information security metrics and reports for both operational management and corporate executives.
Monitors regulatory environment for impact on security and IT risk programs and initiatives.
Regularly review policies, standards and procedures to confirm they are current with the existing threat landscape.
Responsible for performing information security risk assessments according to defined scope.
Responsible for compliance with DFARS/NIST 800-171, ISO 27001, ISO 31000, NIST Cybersecurity Framework, ITAR, and other Federal regulations, including any new regulatory initiatives applicable to the business (e.g. GDPR).
Qualification
Required
Bachelor's degree in any of the sciences, information systems or business with 8 years of experience or master's degree and 6 years of experience or PhD and 3 years of experience. Equivalent experience may be considered in lieu of degree.
Proven experience working with and assessing security controls within DoD and Federal enterprise environments.
Experience in FISMA, NIST, ISO or other Federal Assessment and Authorization (A&A) process, tools, and documentation (SSP, POA&M, CP, CM Plan, and others).
Strong understanding of information security and the relationship between threat, vulnerability, and information value in the context of risk management.
Ability to work with and guide the company's operational units in managing overall risk, complying with Federal mandates, and meeting client security requirements.
Strong understanding of risk-based decision-making (i.e. risk analysis, mitigation, resolution, acceptance, etc.)
US Citizenship
Preferred
CISSP, CISA, CRISC or information security professional certification applicable to risk management.
Experience in NIST 800-53, NIST 800-160
Experience with GRC automation software such as ServiceNow Information and Risk Management (IRM), eMASS, Archer, CSAM, Xacta or other compliance and workflow tools.
Possess a good understanding of appropriate leading-edge governance-enabling technologies.
Ability to analyze complex problems, identify root cause and recommend/negotiate reasonable solutions.
Benefits
Paid Time-Off and Holidays
Retirement
Life & Disability Insurance
Career Development
Tuition Assistance and Student Loan Financing
Paid Parental Leave
Additional Benefits
Medical, Dental, & Vision Care
Company
Peraton
Fearlessly solving the toughest national security challenges.
Funding
Current Stage: Late Stage
Company data provided by crunchbase