ECS

Senior RMF Subject Matter Expert

ECS, Washington, District of Columbia, US, 20022

Overview

ECS is seeking a Senior RMF Subject Matter Expert to work in our Washington, DC office. The candidate will drive holistic and enterprise-scale changes in cyber-security programs within large Federal clients, acting as a disruptor to the status quo to ensure security and privacy best practices meet regulatory requirements in a holistic and cost-effective manner.

Responsibilities

Provide consultation expertise at various levels with a large Federal agency to develop and maintain an enterprise-scale cyber security program that reacts quickly to changing regulatory and operational drivers, including emerging technical, operational, and management risk-drivers.

Participate in daily, weekly, and monthly status meetings with key Government personnel to inform stakeholders of program status and progress, set priorities, identify opportunities or concerns, and coordinate resolution of issues.

Develop program-level security documentation, conduct audit liaison activities, and manage compliance oversight to strengthen the enterprise security program and promote RMF compliance.

Support independent security and privacy control assessments in support of Security Assessment & Authorization (SA&A).

Support the management and implementation of continuous monitoring solutions to increase visibility of network activity.

Manage and guide the program team and oversee development of Enterprise Information Security Trainings and Enterprise Outreach Campaign Plans.

Qualifications

8+ years of executive-level cyber RMF consulting experience advising cybersecurity programs in large federal organizations.

Strong interpersonal and communication skills, including ability to convey technical concepts to non-technical personnel and interact effectively with senior Agency management and leadership.

Strong written, verbal, and presentation skills with stakeholder management and engagement abilities across varied technical backgrounds and management levels.

Advanced understanding of GRC tools, policy, procedures, and processes (including FISMA, NIST, RMF, and recent Executive Orders).

Experience with NIST RMF and Governance, Risk & Compliance (GRC) and Information Assurance tools.

Strong familiarity with NIST RMF at SME level, including SP 800-30, -37, -39, -53, and related guidance.

Ability to guide enterprise-specific implementation guidance for agency management and to analyze Federal legislation, directives, OMB mandates, and NIST guidance to identify required updates.

Ability to conduct research on new technologies and develop information security and privacy policy, standards, and procedures; working knowledge of the Privacy Act of 1974 and FISMA.

Active Top Secret clearance or higher.

Preferred / Desired Skills

Experience planning, developing, and implementing enterprise-scale cyber security programs for Federal Agencies.

Experience managing Security Controls Assessment teams and developing security and privacy assessment plans per NIST SP 800-53A.

Knowledge of penetration testing principles, threat environments, and familiarity with tools such as ServiceNow, Cylance, Tenable, Netsparker, Symantec DLP, and Federal GRC tools (Xacta, CSAM, RSA Archer, eMASS, etc.).

Benefits & Equal Opportunity

ECS is an equal opportunity employer and does not discriminate on the basis of any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, veteran status, or any other status protected by applicable law.

About ECS

ECS is a leading mid-sized provider of technology services to the United States Federal Government. We focus on people, values, and purpose, with 3500+ employees supporting Federal Agencies and Departments of the US Government.