EmergencyMD
Overview
Evolver Federal is seeking a
Senior Cybersecurity Risk Management Analyst
to support its Federal client in Springfield, VA in managing a portfolio of systems participating in Ongoing Authorization/ Continuous ATO. This role will ensure compliance with established guidance/processes for OA, including developing and reviewing security documentation in support of the OA process and compiling related security packages for submission, validating control sets for testing, conducting internal compliance reviews of assigned systems processes, and developing various compliance reports relating to all areas of risk and compliance. The successful candidate will have experience managing a Federal Government Ongoing Authorization Program or experience as an ISSO with systems participating in Ongoing Authorization/ Continuous ATO Program. The candidate will also have experience with FISMA metrics and in reviewing and analyzing data output from scanning tools to identify risks and trends at the enterprise level in support of continuous monitoring and remediation efforts. Responsibilities
Provide security SME-level input to working groups to improve FISMA metrics and continuous monitoring processes. Advise on architectural requirements for system/network security, Active Directory, application integration, and system hierarchy. Analyze data from continuous monitoring, configuration, vulnerability, asset, and software management tool output to identify security trends and risks. Support risk mitigation through performance analysis and anomaly detection. Guide System Team stakeholders on OA processes and ensure compliance with OA Methodology. Perform document reviews for all security documentation in support of initial authorization, reauthorization, and ongoing Security Authorization packages, as well as compile and prepare authorization packages. Conduct monthly reviews and annual assessments of OA systems. Validate system control assessment test plans and ensure control testing is in alignment with OA assessment frequency requirements. Organize and lead monthly Organizational Risk Management Board (ORMB) meetings, including preparing and distributing meeting minutes. Develop, maintain, and make recommendations for enhancing Cybersecurity Policies. Develop, update, and maintain Standard Operating Procedures (SOPs) and recommend new processes/SOPs needed to mature and improve Government Programs. Apply knowledge of NIST 800-53 security controls and recommend appropriate allocation to support OA/ Continuous ATO. Communicate clearly with system owners, developers, and executive leadership on cybersecurity, risk, and compliance topics, including recommendations on system/network security architecture, Active Directory integration, and application security. Coordinate, schedule, develop agendas, and facilitate meetings for large governance groups and working groups comprised of government and contractor stakeholders. Perform other duties as assigned by the Government. Ability to work efficiently and effectively in a dynamic and fast-paced environment. Basic Qualifications
8 years of related experience with Bachelor's Degree or 10 years of overall related experience in a relevant field 5 years of experience with NIST 800-37, covering steps within the Risk Management Framework 3 years of experience in a DHS environment 1 year of experience assessing security controls per NIST 800-53 in support of the Federal Government, including evaluating and validating security control implementation Must have a current Active Secret clearance 3 years of experience with NIST SP 800-53, 800-37 3 years of experience with DHS 4300A/B 1 year of experience with FISMA metrics and security compliance 3 years of experience executing continuous monitoring activities, including vulnerability management and configuration management 3 years of experience with government GRC tools such as Archer, IACS, CSAM, etc. 5 years of experience managing/supporting cybersecurity architecture and governance Must have previous client-engagement experience Preferred Qualifications
2 years of experience assessing security controls in accordance with NIST 800-53 in support of the Federal Government 5 years of experience as an Information System Security Officer (ISSO) in/support of the Federal government, developing and maintaining comprehensive security documentation for the Risk Management Framework, including Systems Security Plans (SSPs), Contingency Plans (CPs), Contingency Plan Tests (CPTs), Privacy Impact Assessments (PIAs), Privacy Threshold Analyses (PIAs), and Business Impact Assessments (BIAs) Ability to schedule and lead meetings, including Working Groups and formal Governance Groups, with diverse stakeholders, and maintain agendas and meeting records Ability to communicate clearly in written and verbal formats in formal and informal situations Ability to translate complex technical concepts to non-technical stakeholders Ability to adapt to frequent changes in priorities, follow project schedules, meet deadlines, and proactively communicate risks and issues Strong listening, analytical, and problem-solving skills; excellent organizational skills and attention to detail Strong analytical and critical thinking abilities Evolver Federal is an equal opportunity employer and welcomes all job seekers. It is the policy of Evolver Federal not to discriminate based on race, color, ancestry, religion, gender, age, national origin, gender identity or expression, sexual orientation, genetic factors, pregnancy, physical or mental disability, military/veteran status, or any other factor protected by law. Actual salary will depend on factors such as skills, qualifications, experience, market and work location. Evolver Federal offers competitive benefits, including health, dental and vision insurance, 401(k), flexible spending account, and paid leave (including PTO and parental leave) in accordance with our applicable plans and policies.
#J-18808-Ljbffr
Evolver Federal is seeking a
Senior Cybersecurity Risk Management Analyst
to support its Federal client in Springfield, VA in managing a portfolio of systems participating in Ongoing Authorization/ Continuous ATO. This role will ensure compliance with established guidance/processes for OA, including developing and reviewing security documentation in support of the OA process and compiling related security packages for submission, validating control sets for testing, conducting internal compliance reviews of assigned systems processes, and developing various compliance reports relating to all areas of risk and compliance. The successful candidate will have experience managing a Federal Government Ongoing Authorization Program or experience as an ISSO with systems participating in Ongoing Authorization/ Continuous ATO Program. The candidate will also have experience with FISMA metrics and in reviewing and analyzing data output from scanning tools to identify risks and trends at the enterprise level in support of continuous monitoring and remediation efforts. Responsibilities
Provide security SME-level input to working groups to improve FISMA metrics and continuous monitoring processes. Advise on architectural requirements for system/network security, Active Directory, application integration, and system hierarchy. Analyze data from continuous monitoring, configuration, vulnerability, asset, and software management tool output to identify security trends and risks. Support risk mitigation through performance analysis and anomaly detection. Guide System Team stakeholders on OA processes and ensure compliance with OA Methodology. Perform document reviews for all security documentation in support of initial authorization, reauthorization, and ongoing Security Authorization packages, as well as compile and prepare authorization packages. Conduct monthly reviews and annual assessments of OA systems. Validate system control assessment test plans and ensure control testing is in alignment with OA assessment frequency requirements. Organize and lead monthly Organizational Risk Management Board (ORMB) meetings, including preparing and distributing meeting minutes. Develop, maintain, and make recommendations for enhancing Cybersecurity Policies. Develop, update, and maintain Standard Operating Procedures (SOPs) and recommend new processes/SOPs needed to mature and improve Government Programs. Apply knowledge of NIST 800-53 security controls and recommend appropriate allocation to support OA/ Continuous ATO. Communicate clearly with system owners, developers, and executive leadership on cybersecurity, risk, and compliance topics, including recommendations on system/network security architecture, Active Directory integration, and application security. Coordinate, schedule, develop agendas, and facilitate meetings for large governance groups and working groups comprised of government and contractor stakeholders. Perform other duties as assigned by the Government. Ability to work efficiently and effectively in a dynamic and fast-paced environment. Basic Qualifications
8 years of related experience with Bachelor's Degree or 10 years of overall related experience in a relevant field 5 years of experience with NIST 800-37, covering steps within the Risk Management Framework 3 years of experience in a DHS environment 1 year of experience assessing security controls per NIST 800-53 in support of the Federal Government, including evaluating and validating security control implementation Must have a current Active Secret clearance 3 years of experience with NIST SP 800-53, 800-37 3 years of experience with DHS 4300A/B 1 year of experience with FISMA metrics and security compliance 3 years of experience executing continuous monitoring activities, including vulnerability management and configuration management 3 years of experience with government GRC tools such as Archer, IACS, CSAM, etc. 5 years of experience managing/supporting cybersecurity architecture and governance Must have previous client-engagement experience Preferred Qualifications
2 years of experience assessing security controls in accordance with NIST 800-53 in support of the Federal Government 5 years of experience as an Information System Security Officer (ISSO) in/support of the Federal government, developing and maintaining comprehensive security documentation for the Risk Management Framework, including Systems Security Plans (SSPs), Contingency Plans (CPs), Contingency Plan Tests (CPTs), Privacy Impact Assessments (PIAs), Privacy Threshold Analyses (PIAs), and Business Impact Assessments (BIAs) Ability to schedule and lead meetings, including Working Groups and formal Governance Groups, with diverse stakeholders, and maintain agendas and meeting records Ability to communicate clearly in written and verbal formats in formal and informal situations Ability to translate complex technical concepts to non-technical stakeholders Ability to adapt to frequent changes in priorities, follow project schedules, meet deadlines, and proactively communicate risks and issues Strong listening, analytical, and problem-solving skills; excellent organizational skills and attention to detail Strong analytical and critical thinking abilities Evolver Federal is an equal opportunity employer and welcomes all job seekers. It is the policy of Evolver Federal not to discriminate based on race, color, ancestry, religion, gender, age, national origin, gender identity or expression, sexual orientation, genetic factors, pregnancy, physical or mental disability, military/veteran status, or any other factor protected by law. Actual salary will depend on factors such as skills, qualifications, experience, market and work location. Evolver Federal offers competitive benefits, including health, dental and vision insurance, 401(k), flexible spending account, and paid leave (including PTO and parental leave) in accordance with our applicable plans and policies.
#J-18808-Ljbffr