Customer Value Partners - Bethesda, MD

posted 2 months ago

Full-time - Senior
Bethesda, MD
Professional, Scientific, and Technical Services

About the position

CVP is seeking a Cybersecurity Risk Lead for a large government agency enterprise-level cybersecurity program. The Cybersecurity Risk Lead will work directly with the Cybersecurity Program Manager and the agency's CIO and CISO in various cybersecurity tasks, including information security policy development and implementation, security compliance monitoring, security audit management, risk assessment, system authorization, security reporting, and other information security-related tasks. This role is critical in helping the agency identify, evaluate, and develop strategies for managing risks to reduce information security and privacy risks across the agency. The Risk Lead will provide recommendations, guidance, planning, and implementation support for agency risk management activities and tools. This includes enhancing the agency's Information Security Program related to governance, optimizations, automation, and supporting tools. The Risk Lead will also support the agency's operational responsibilities in complying with Federal, Department, and Agency mandates and policies, including those from the Department of Health and Human Services, the Federal Information Security Modernization Act (FISMA), and various OMB Circulars. Key responsibilities include developing an agency Information Security Risk Management Strategy in accordance with the latest NIST Special Publications, conducting enterprise risk assessments, and developing comprehensive reports and roadmaps that address privacy and security capabilities based on identified risks. The Risk Lead will also enhance the agency's Risk Management Program, develop dashboards for agency leadership, and provide continuous risk monitoring and guidance to ensure compliance with information security control implementation effectiveness. Additionally, the Risk Lead will track Plans of Actions and Milestones (POA&Ms) agency-wide and validate the A&A status for all divisions and programs with information systems.

Responsibilities

  • Identify, evaluate, and develop strategies for handling risks to reduce information security and privacy risk across the agency.
  • Provide recommendations, guidance, planning, and implementation support for agency risk management activities and tools.
  • Support the agency's operational responsibilities in complying with Federal, Department, and Agency mandates and policies.
  • Develop an agency Information Security Risk Management Strategy in accordance with NIST Special Publications.
  • Conduct an enterprise risk assessment and develop an agency Information Security Risk Assessment Report.
  • Develop an agency Privacy and Security Roadmap based on risks identified in the agency's Information Security Risk Assessment Report.
  • Create an agency Information Security Risk Management Plan addressing risk management activities.
  • Develop a Risk Scorecard detailing the agency's overall risk posture.
  • Enhance the agency's Risk Management Program as prescribed in NIST SPs.
  • Develop a dashboard for agency leadership to provide a constant view of risks to the IT ecosystem.
  • Provide risk management guidance for A&A activities, ensuring continuous risk monitoring of information security controls.
  • Support the Information Security and Assurance Office in implementing and overseeing risk management and A&A activities.
  • Provide recommendations and implement process improvements to the agency's A&A process.
  • Advise the agency on tailoring the A&A process for non-traditional technologies.
  • Develop guidance, templates, and tools to support program offices in risk management and ATO activities.
  • Track and review POA&Ms agency-wide to identify areas of risk.
  • Track the A&A status for all divisions and programs with information systems.
  • Develop required artifacts to complete security accreditation packages for OCIO information systems.

Requirements

  • Must be eligible to obtain a Public Trust clearance.
  • 4-year college degree in Computer Science or related field.
  • CISSP, CISM or GSLC Certification.
  • At least eight years of cybersecurity experience.
  • Knowledge of NIST Cybersecurity and Risk Management frameworks.
  • Demonstrated strong analytical, troubleshooting, and problem-solving skills for cybersecurity.
  • Excellent communication skills, both written and oral.
  • Security+ or equivalent certification.
  • Knowledge of cloud environments and computer networking concepts and protocols.
  • Knowledge of cyber threats and vulnerabilities.
  • Knowledge of business continuity and disaster recovery plans.
  • Knowledge of host/network access control mechanisms.
  • Knowledge of cybersecurity and privacy principles.

Nice-to-haves

  • Experience with Security Assessment Tools (Tenable Nessus, DBProtect, Wireshark, WebInspect).
  • NIH experience.

Benefits

  • Health insurance
  • 401k
  • Paid holidays
  • Professional development opportunities
  • Flexible scheduling