Title: Information Security Risk Specialist, Sr
Position Type: Contract
Location: Remote, United States
Required Education Level: Masters
Required Degree: computer science, electronics engineering or other engineering or technical discipline is required.
Required Years Experience: 5
Substitution Criteria: 10 years of additional relevant experience may be substituted for education
Location: Remote
Core Hours: 9a-3p ET
As an Information Security Risk Specialist, Sr on our team, you'll use your experience to work with a government client to discover their cyber risks, understand applicable policies, and develop a mitigation plan. You'll review technical, environmental, and personnel details to assess the entire threat landscape. Then, you'll guide the Veterans Administration (VA) client through a plan of action with presentations, white papers, and milestones. You'll work with your client to translate security concepts, so they can make the best decisions to secure their mission critical systems and critical infrastructure. This is your opportunity to act as an information security subject matter expert where you will mentor others while broadening your skills in Risk Management Framework and NIST Security and Privacy controls. This position is open to remote delivery anywhere within the U.S., to include the District of Columbia.
You Have
Experience with NIST special publications and FIPS
Experience with information security and assurance principles, including the NIST Cybersecurity Framework and RMF process
Experience with leading and coaching efforts involving presentations, SOPs, whitepapers, and change management processes
Experience with assessing NIST security and privacy controls and maintaining Plans of Action and Milestones (POA&Ms)
Experience with analyzing data from Governance Risk Compliance (GRC) tools, including eMASS or RiskVision, to determine trends, root cause, and possible solutions
Experience with providing guidance for the NIST security and privacy controls and for providing sufficient documentation and artifacts for each control in the GRC tool
Experience in reviewing security requirements, recommending a mitigation strategy for deficiencies, and working directly with clients to provide solutions and education
Experience with performing annual security reviews in accordance with FISMA reporting
Ability to obtain and maintain a Public Trust or Suitability/Fitness determination based on client requirements
Master's degree in CS, Engineering, or IT and 5+ years of experience with IT or 15+ years of experience with IT in lieu of a degree
Nice If You Have
Experience with Privacy and Security control implementation, testing and assessment, and POAM management
Experience with using data analytical tools
Experience with the VA
Experience with scanning tools
Experience with creating formulas and data analysis in Excel
Possession of excellent customer service and organization skills
Possession of excellent verbal and written communication skills
Public Trust
CAP, CISSP, CISM, PMP, or CCSK Certification