Imagineeer
Cybersecurity Subject Matter Expert Specialist
Imagineeer, Washington, District of Columbia, us, 20022
Cybersecurity Subject Matter Expert (SME) Specialist
We are seeking a Cybersecurity Subject Matter Expert (SME) Specialist to provide expert guidance in cybersecurity governance, risk management, compliance, and federal cyber policy execution. This role supports cybersecurity strategic planning and operational execution across enterprise-level cyber initiatives within the U.S. Department of Health and Human Services (HHS). The Cybersecurity SME Specialist will contribute to cybersecurity maturity improvements, federal compliance efforts, security policy development, and cross-agency cyber coordination efforts. This role requires familiarity with FISMA, NIST SP 800-53, FedRAMP, ISCM, HVA security, CUI handling, and federal cybersecurity reporting requirements.

Key responsibilities include:
- Providing cybersecurity subject matter expertise to federal stakeholders and program leadership.
- Supporting cybersecurity planning, strategy development, and implementation of security standards.
- Translating federal cybersecurity mandates into actionable implementation plans.
- Assisting in the development, review, and maintenance of cybersecurity policies, guidance, and standard operating procedures (SOPs).
- Supporting cybersecurity governance reviews and contributing to policy lifecycle management.
- Advising on cyber workforce training and awareness strategies.
- Providing input for system security categorization, risk assessments, and security control selection.
- Supporting implementation of NIST Risk Management Framework (RMF) and Enterprise Risk Management (ERM) integration.
- Providing FedRAMP Moderate/High security advisory support and helping evaluate High Value Assets (HVAs).
- Contributing to Information Security Continuous Monitoring (ISCM) activities and Cyber Supply Chain Risk Management (C-SCRM) efforts.
- Assisting with FISMA compliance reporting and performance metric development.
- Supporting Information System Security Officers (ISSOs) with risk documentation, POA&Ms, and ATO package preparation.
- Conducting security gap assessments and audit reviews.
- Ensuring adherence to NIST SP 800-53 security controls and agency security requirements.
- Supporting Cyber Affairs & Information Management through stakeholder coordination, communications, and data-driven analysis.
- Developing and maintaining cybersecurity reports, dashboards, and analytical products.
- Ensuring Quality Assurance for all deliverables and Section 508 compliance.
- Delivering program documentation including weekly status reports, executive presentations, and meeting minutes.

Security & Compliance Requirements:
Ensure compliance with federal cyber mandates:
- FISMA, NIST SP 800-53 Rev 5, FedRAMP Moderate/High
- CUI security requirements
- Privacy Act compliance
- Mandatory 1-hour breach notification policies

Qualifications and Skills:
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field.
- 7+ years of experience in cybersecurity, IT risk management, or security compliance.
- Strong understanding of federal cybersecurity frameworks:
  - NIST 800-53, NIST RMF, NIST CSF
  - FISMA compliance
  - FedRAMP requirements
- Experience supporting cybersecurity programs within a federal environment.
- Ability to communicate complex security concepts clearly to technical and non-technical stakeholders.
- Must be able to obtain and maintain a Public Trust clearance / Must be a US citizen.

Desired Skills and Competencies:
- One or more certifications: CISSP, CISM, Security+, CEH, CAP, CGRC, PMP
- Experience supporting cyber programs at HHS or other federal agencies.
- Knowledge of CUI handling guidelines and Privacy Act requirements.
- Experience with Zero Trust strategy implementation.
- Familiarity with cybersecurity data analysis, metrics, and dashboards.

Flexible work from home options available.