Jobs via Dice
Overview
Evolver Federal is seeking a Cybersecurity Risk Management Analyst to support its Federal client in Springfield, VA in managing all aspects of cybersecurity risk and compliance including, but not limited to: maintaining an accurate FISMA Inventory, managing the government's Common Control Program, maintaining the client's Cybersecurity policies, procedures, guidance, and related templates, assisting with oversight of the government's Ongoing Authorization Program and POA&M Management processes, and developing various compliance reports relating to all areas of risk and compliance.
Responsibilities
Apply knowledge of NIST 800-53 security controls and recommend appropriate allocation to support an enterprise-wide common controls program. Advise the government client on which controls are appropriate as common controls and relevant to be inherited by all or a subset of systems in the enterprise portfolio. Also advise on system-level controls, and review/validate control inheritance.
Review Control Implementation Statements to ensure proper implementation in alignment with NIST 800-53.
Develop, maintain, and make recommendations for enhancing Cybersecurity Policies
Develop FISMA Metrics and Asset Management reports in compliance with requirements outlined in DHS 4300A/B
Monitor and manage FISMA Inventory and system designations (e.g., CFO, High Value Assets (HVA), Mission Essential Systems (MES), Personally Identifiable Information (PII))
Maintain and update the FISMA System Inventory Methodology and related SOPs
Provide recommendations in support of system boundary consolidation and integration of tools/databases
Communicate clearly with system owners, developers, and executive leadership on various cybersecurity, risk and compliance topics
Coordinate, schedule, develop agendas, and facilitate meetings with all levels of government and contractor stakeholders
Assist the client in overseeing Common Control Providers across the Department
Ensure testing of common controls aligns with the Risk Management Framework (RMF) and DHS 4300 policy
Conduct annual reviews of Common Control Providers and Programs
Maintain the Common Control Implementation Guide, Methodology, and training materials
Deliver formal Department-wide Common Controls compliance training
Recommend updates to DHS 4300 policies, attachments, memos, and cybersecurity directives
Provide policy recommendations for Security Authorization, POA&Ms, Ongoing Authorization, and Document Review
Maintain and update SA Guides, DR methodologies, checklists, and templates (e.g., FIPS199, SAR, SAP, RA, CM, CP, BIA)
Develop and manage RMF-related processes, procedures, and documentation templates
Conduct gap analyses and recommend improvements to streamline, automate, and standardize cybersecurity processes across the enterprise
Identify and recommend improvements to streamline Security Authorization processes (e.g., ATO, Ongoing Authorization, FedRAMP, Reciprocity)
Provide recommendations to standardize the Security Authorization and Risk Management programs using an agile, value-driven model
Perform document reviews for all security documentation in support of initial authorization, reauthorization, and ongoing Security Authorization packages, as well as compile and prepare authorization package
Assist with data calls and analysis as required by the Federal government
Prepare executive summaries, talking points, and slide decks for CISO/CIO briefings
Maintain documentation in Microsoft Teams, SharePoint, and other shared platforms
Develop and update training materials and PowerPoint presentations on inventory processes
Perform other duties as assigned by the Government
Ability to work efficiently and effectively in a dynamic and fast-paced environment
Basic Qualifications
5 years of related experience with Bachelor's degree or 8 years of overall related experience in a relevant field
5 years of experience with NIST 800-37, experience that can span across a subset, or all, of the steps within the Risk Management Framework
1 year of experience assessing security controls in accordance with NIST 800-53 in/in support of the Federal Government to include evaluating and validating security control implementation
3 years of experience as an Information System Security Officer (ISSO) in/in support of the Federal government, developing and maintaining comprehensive security documentation in support of the Risk Management Framework, including, but not limited to: System Security Plans (SSPs) (Sections 1 & 2), Contingency Plans (CPs), Contingency Plan Tests (CPTs), Privacy Impact Assessments (PIAs), Privacy Threshold Analyses (PTAs), and Business Impact Assessments (BIAs)
1 year of experience with NIST SP 800-53, 800-37, DHS 4300A/B
3 years of experience documenting POA&Ms and managing the entire POA&M lifecycle, from open to closure
3 years of experience executing continuous monitoring activities, including those supporting vulnerability management and configuration management
3 years of experience with government GRC tools such as Archer, IACS, CSAM, etc.
2 years of experience managing an enterprise's Inventory of information technology systems (or FISMA Systems)
Must have one of the following certifications: CISSP, CISM, CISA, CAP, C|ISSO, CEH
Must have an Active Secret clearance prior to start date
Preferred Qualifications
2 years of experience assessing security controls in accordance with NIST 800-53 in/in support of the Federal Government to include evaluating and validating security control implementation
5 years of experience as an Information System Security Officer (ISSO) in/in support of the Federal government, developing and maintaining comprehensive security documentation in support of the Risk Management Framework, including, but not limited to: System Security Plans (SSPs) (Sections 1 & 2), Contingency Plans (CPs), Contingency Plan Tests (CPTs), Privacy Impact Assessments (PIAs), Privacy Threshold Analyses (PTAs), and Business Impact Assessments (BIAs)
Ability to schedule and lead meetings, including Working Groups and formal Governance Groups, with a diverse group of government and contractor stakeholders at various levels within the organization, including developing and maintaining agendas, meeting notes, and meeting records, including maintaining a repository of all meeting records
Ability to communicate clearly and effectively via written and verbal communication in both formal and informal situations
Ability to adapt to frequent changes in priorities, follow project schedules, meet established deadlines, and proactively communicate risks and issues to the Contractor PM and/or Federal Leads
Possess good listening skills and the ability to detect explicit and implicit needs and wants of the client
Demonstrated ability to exercise good judgment, prioritize multiple tasks, and problem solve under pressure of deadlines and resource constraints
Possess strong analytical and critical thinking skills with the ability to apply them to the client/contract workspace
Excellent organizational skills and attention to detail
Strong analytical, critical thinking, and problem-solving skills
Must have previous client-engagement experience
DHS HQ or Component-level experience
Evolver Federal is an equal opportunity employer and welcomes all job seekers. It is the policy of Evolver Federal not to discriminate based on race, color, ancestry, religion, gender, age, national origin, gender identity or expression, sexual orientation, genetic factors, pregnancy, physical or mental disability, military/veteran status, or any other factor protected by law.
Actual salary will depend on factors such as skills, qualifications, experience, market and work location. Evolver Federal offers competitive benefits, including health, dental and vision insurance, 401(k), flexible spending account, and paid leave (including PTO and parental leave) in accordance with our applicable plans and policies.
Additional Information
Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Finance and Sales
Industries: Software Development