Apply on Employer Site

Guidehouse · 2 days ago

Senior Cybersecurity Risk & Compliance Consultant

Arlington, VA

Full-time

Onsite

Mid, Senior Level

$113K/yr - $188K/yr

5+ years exp

Guidehouse is a company that specializes in cybersecurity consulting, and they are seeking a Senior Cybersecurity Risk & Compliance Consultant to support multiple cybersecurity teams. The role involves providing leadership and expertise in areas such as Information Security Continuous Monitoring, cybersecurity audit and compliance, and data protection strategy.

AdviceConsultingManagement Consulting

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Lead or support the development and execution of cybersecurity strategies aligned with ISCM, IT and Cyber audit, or Data Security teams

ISCM Team: Oversee the ISCM technical architecture, ensuring proper implementation of monitoring, detection, and reporting tools

ISCM Team: Ensure all ISCM activities adhere to federal cybersecurity standards and requirements, including FISMA, NIST Special Publications (especially SP 800-53 and SP 800-137), and DHS Continuous Diagnostics and Mitigation (CDM) initiatives. Support the development of the overall technology and cybersecurity program to deliver against strategic objectives. Evaluate cybersecurity program effectiveness in identifying, managing, and reducing risk

ISCM Team: Provide coordinated support for all aspects of the audit process, from initial scoping and planning to final reporting and remediation

IT and Cyber Audit Team: Review audit plans to assess the adequacy of security controls designed to protect against threats and vulnerabilities

IT and Cyber Audit Team: Support the development of the overall technology and cybersecurity program to deliver against strategic objectives. Evaluate cybersecurity program effectiveness in identifying, managing, and reducing risk

Data Security Team: Support the development and implementation of Zero Trust data protection strategies, including encryption, tokenization, and data masking techniques to secure sensitive government data across networks and repositories

Data Security Team: Design and support the management of identity-centric access controls, defining granular permissions and enforcing least privilege access to government data, aligning Zero Trust principles

Conduct risk assessments and continuous monitoring activities to identify, manage, and mitigate cyber risks

Coordinate and support internal and external audits, including scoping, planning, reporting, and remediation

Ensure compliance with federal cybersecurity frameworks such as NIST SP 800-53, SP 800-137, SP 800-171, SP 800-60, SP 1800-39A, and FIPS 199

Develop and maintain cybersecurity policies, procedures, and documentation

Track and report key performance indicators (KPIs) and metrics to demonstrate control effectiveness and compliance status

Provide expert guidance to system owners, analysts, and leadership on cybersecurity best practices

Present complex findings and recommendations to technical and executive audiences

Collaborate with internal teams and external stakeholders, including federal agencies such as CISA and the Department of State

Qualification

Cybersecurity AuditInformation Security Continuous MonitoringData Protection StrategyFederal Cybersecurity StandardsZero Trust PrinciplesRisk AssessmentsCybersecurity CertificationsCommunication SkillsCollaboration Skills

Required

An ACTIVE and MAINTAINED SECRET federal security clearance

Bachelor's Degree and SEVEN (7) years of relevant cybersecurity experience, OR a Master's Degree and FIVE (5) years of relevant experience

Excellent verbal and written communication skills, specifically in report writing

One or more of the following certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Authorization Professional (CAP) / Certified in Governance, Risk and Compliance (CGRC), Certified Information Systems Auditor (CISA), ISC2 Zero Trust Strategy Certificate