Cyber Risk Management Specialist
US-VA-McLean
External
Req #: 6842
Type: Full-Time
|
|
|||||||||
|
||||||||||
Overview: The Cyber Risk Management Specialist (CRMS) will specialize in in-depth knowledge of the program's cyber security hygiene, DevSecOps, Risk Management Framework (RMF), Assessment and Authorization (A&A), Federal Risk and Authorization Management Program (FedRAMP) compliance, continuous ATO (cATO) and continuous monitoring. A solid grasp on confidentiality, integrity, and availability (CIA) security concepts is required. The candidate will be responsible for the technical implementation and enforcement of security hardening, vulnerability management, scan analysis, data analysis for metrics reporting, cloud environments, compliance with Federal regulation and policy, and commercial best practices relating to cyber security. The candidate must have the ability to be flexible and adaptive to a fast-paced, fluid business environment. Responsibilities: The role requires strong procedural knowledge of NIST SP 800-37 Risk Management Framework (RMF) for Information Systems and Organization, NIST SP 800-53 Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-137 Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations, FedRAMP requirements, cloud environments, cloud cybersecurity architecture, compliance with Federal regulation and policy, and commercial best practices relating to cloud security. The CRMS is expected to efficiently learn and adapt to rapidly changing federal governance frameworks and standards of practice, to include risk treatments for modern and emerging technologies (e,g, AI, blockchain, microservices). The Cyber Risk Management Specialist performs a range of functions before, during, and after an authorization is granted: * Integrate security into DevOps effectively at every stage of the software development life cycle (SDLC). * Identify security holes and potential breaches, work through multifaceted security issues, and create effective solutions based on understanding of risk posture and treatments. * Develop and implement tactical strategies for seamless automation to optimize the IT infrastructure. * Apply specialized knowledge of financial audit standards, classified system IA requirements, and Privacy Act requirements. * Implement the NIST Special Publication (SP) 800 family of publications, particularly those associated with the Risk Management Framework. * Evaluating system, network, or infrastructure security controls against requirements such as FISMA, FIPS, and NIST guidelines * Apply in-depth, hands-on knowledge of the FedRAMP regulations, process, and requirements to lead project and initiative teams in accrediting cloud products and services. * Support external audits, data calls, and the Authorization to Operate (ATO) process by coordinating with organization system owners, engineers, CSP's and Third-Party Assessment Organizations (3PAO). * Positively impact the organization's goals and operational mission through various forms of metric performance measuring tools used to evaluate adherences to compliance. * Advise clients on FedRAMP requirements and provide security guidance on the implementation of security compliance controls per technical, management, and operational requirements. * Implement, monitor, and assess NIST SP 800-53 security controls for cloud environments to ensure compliance with FedRAMP requirements and governance models. * Ensure ongoing compliance with FedRAMP policy and requirements through monthly deliverables, regular vulnerability scanning, penetration testing, contingency testing, and annual security assessments performed by a 3PAO. * Support ATO, cATO, and continuous monitoring activities to include security documentation, audit log, security incidents, and risk assessment. * Review and manage Plan of Action & Milestones (POA&M), to include remediation tracking and reporting. Qualifications: Required * Ability to obtain a U.S. government Security Clearance * Master's Degree and 1 year of relevant experience; OR * Bachelor's Degree and 3 years of relevant experience; OR * No degree and 8 years of relevant experience * Possesses at least one professional certification relevant to the technical service provided. Maintain a certification relevant to the product being deployed and/or maintained. Preferred * Experience in FISMA, cloud cybersecurity architecture, compliance with Federal regulation and policy, and commercial best practices relating to cloud security. * Experience in Information Security processes to include RMF, FedRAMP, Compliance, Continuous Monitoring, and Annual Assessments. * Certifications in one or more of the following: CISSP, CRICS, CCSP, CAP/CGRC. * Certifications in one or more of the following: AWS Certified Solutions Architect, AWS Certified Security, Microsoft Certified Solutions Architect, MCSE Cloud Platform and Infrastructure * Experience conducting assessments in a 3PAO, C3PAO, or risk auditing organization is desirable, but not required. * Experience supporting systems in Agile environments.
Share this job:
