
Solutions By Design II, LLC (now Evolver Federal) · 2 months ago

Senior Cybersecurity Risk Management Analyst

Evolver Federal is seeking a Senior Cybersecurity Risk Management Analyst to support its Federal client in Springfield, VA in managing a portfolio of systems participating in Ongoing Authorization/ Continuous ATO. This role will ensure compliance with established guidance/processes for Ongoing Authorization (OA) including developing and reviewing security documentation and conducting internal compliance reviews.

Consulting, CRM, Cyber Security, Information Technology, Infrastructure, Robotics, Software
No H1B, Security Clearance Required, U.S. Citizen Only

Responsibilities

Provide security SME-level input to working groups to improve FISMA metrics and continuous monitoring processes
Advise on architectural requirements for system/network security, Active Directory, application integration, and system hierarchy
Analyze data from continuous monitoring, configuration, vulnerability, asset, and software management tool output to identify security trends and risks
Support risk mitigation through performance analysis and anomaly detection
Guide System Team stakeholders on OA processes and ensure compliance with OA Methodology
Perform document reviews for all security documentation in support of initial authorization, reauthorization, and ongoing Security Authorization packages, as well as compile and prepare authorization packages
Conduct monthly reviews and annual assessments of OA systems
Validate system control assessment test plans and ensure control testing is in alignment with OA assessment frequency requirements
Organize and lead monthly Organizational Risk Management Board (ORMB) meetings, including preparing and distributing meeting minutes
Develop, maintain, and make recommendations for enhancing Cybersecurity Policies
Develop, update, and maintain Standard Operating Procedures (SOPs) and make recommendations for new processes and/or SOPs needed to mature and improve Government Programs
Apply knowledge of NIST 800-53 security controls and recommend appropriate allocation to support OA/ Continuous ATO
Communicate clearly with system owners, developers, and executive leadership on various cybersecurity, risk and compliance topics, including providing recommendations on system and network security architecture, Active Directory integration, and application security
Coordinate, schedule, develop agendas, and facilitate meetings for large governance groups and working groups comprised of all levels of government and contractor stakeholders
Perform other duties as assigned by the Government
Ability to work efficiently and effectively in a dynamic and fast-paced environment

Qualification

NIST 800-37, NIST 800-53, FISMA metrics, Continuous monitoring, Government GRC tools, Cybersecurity architecture, Risk Management Framework, Active Directory, Analytical skills, Communication skills, Organizational skills, Problem-solving skills

Required

8 years of related experience with Bachelor's Degree or 10 years of overall related experience in a relevant field
5 years of experience with NIST 800-37, experience that can span across a subset, or all, of the steps within the Risk Management Framework
3 years of experience in DHS environment
1 year of experience assessing security controls in accordance with NIST 800-53 in support of the Federal Government to include evaluating and validating security control implementation
Must have a current Active Secret clearance
3 years of experience with NIST SP 800-53, 800-37
3 years of experience with DHS 4300A/B
1 year of experience with FISMA metrics, and security compliance
3 years of experience executing continuous monitoring activities, including those supporting vulnerability management and configuration management
3 years of experience with government GRC tools such as Archer, IACS, CSAM, etc
5 years' experience managing/ supporting cybersecurity architecture and governance
Must have previous client-engagement experience

Preferred

2 years of experience assessing security controls in accordance with NIST 800-53 in support of the Federal Government to include evaluating and validating security control implementation
5 years of experience as an Information System Security Officer (ISSO) in/in support of the Federal government, developing and maintaining comprehensive security documentation in support of the Risk Management Framework, including, but not limited to: System Security Plans (SSPs) (Sections 1 & 2), Contingency Plans (CPs), Contingency Plan Tests (CPTs), Privacy Impact Assessments (PIAs), Privacy Threshold Analyses (PTAs), and Business Impact Assessments (BIAs)
3 years of experience as an Information System Security Officer (ISSO) in/in support of the Federal government, developing and maintaining comprehensive security documentation in support of the Risk Management Framework, including, but not limited to: System Security Plans (SSPs) (Sections 1 & 2), Contingency Plans (CPs), Contingency Plan Tests (CPTs), Privacy Impact Assessments (PIAs), Privacy Threshold Analyses (PTAs), and Business Impact Assessments (BIAs)
Ability to schedule and lead meetings, including Working Groups and formal Governance Groups, with a diverse group of government and contractor stakeholders at various levels within the organization, including developing and maintaining agendas, meeting notes, and meeting records, including maintaining a repository of all meeting records
Ability to communicate clearly and effectively via written and verbal communication in both formal and informal situations
Ability to clearly communicate complex technical concepts to Information Technology Project Managers, ISSOs, Application Developers, and Security Compliance Analysts, as well as non-technical POCs such as Branch Chiefs and Business System Owners
Ability to adapt to frequent changes in priorities, follow project schedules, meet established deadlines, and proactively communicate risks and issues to the Contractor PM and/or Federal Leads
Possess good listening skills and the ability to detect explicit and implicit needs and wants of the client
Demonstrated ability to exercise good judgment, prioritize multiple tasks, and problem solve under pressure of deadlines and resource constraints
Possess strong analytical and critical thinking skills with the ability to apply them to the client/ contract workspace
Excellent organizational skills and attention to detail
Strong analytical, critical thinking, and problem-solving skills

Benefits

Health, dental and vision insurance
401(k)
Flexible spending account
Paid leave (including PTO and parental leave)

Company

Solutions By Design II, LLC (now Evolver Federal)

Our team members are now fully integrated into Evolver as part of the Evolver Federal team.

Funding

Current Stage: Growth Stage
Total Funding: unknown
2023-08-16: Acquired
Company data provided by crunchbase