Job Description

Primary Responsibilities: Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization's mission and goals. Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies. Participate in and support assessments. Report control violation findings through organization risk management framework and/or governance tools. Track audit findings and recommendations to ensure that appropriate mitigation actions are taken. Work with technical teams to guide mitigation of security control deficiencies for assigned IT systems. Assess the cyber security impact of changes to assigned IT systems. Advise appropriate senior leadership or Authorizing Official of changes affecting the organization's cybersecurity posture. Implement processes and procedures to monitor risk across programs and systems. Use industry best practices in cyber security and security engineering to advise on efforts related to compliance, awareness, training, and security operations while supporting process interaction with Government customers and other contractor IT groups. Identify, advise and assist with alternative information security strategies and solutions to address organizational security objectives. Lead Independent Validation and Verification (IV&V) efforts on security authorization packages to ensure compliance with agency requirements. Perform continuous monitoring of security controls to ensure continued correct implementation, operating as intended and producing the desired outcome with respect for meeting the cyber security requirements for assigned IT systems Coordinate and prepare security related government data calls, debriefs, and monthly reports. Help assess effectiveness of security and privacy training programs. Collect and aggregate data needed to meet system cybersecurity reporting. Prepare and assist in the development of policy and procedures. Outline and maintain a detailed policy matrix mapping federal and local policies to the required security controls as identified by National Institute of Standards and Technology (NIST) SP800-53. Documents include but are not limited to: Standard Operating Procedures (SOPs) Agency Training (e.g., cyber awareness, computer incidents, malicious codes, etc). Provide administrative support to users, author guidance, establish best practices for agency GRC tools. Knowledge and Skills: Bachelors Degree in Computer Science, Engineering, Business, or related field of studies and/or greater than five (5) years equivalent experience. Security related certification (Comptia Sec +, CISSP, CGRC, etc) or substitute 2 years specialized experience. Minimum 5 years working with Risk Management Framework. Working knowledge of current NIST Federal Information Processing Standards (FIPS) and Special Publications (SP): SP800-18, SP800-37, SP800-53 Rev 4/5, SP800-53A, SP800-60, FIPS-199, FIPS-201 and FIPS-140-2, and other policies and applications to enterprise IT security. Ability to plan, organize, and direct multiple priorities and tasks. Hands-on Experience using the Cyber Security Assessment and Governance Risk and compliance (GRC) Tools. Strong interpersonal and communication skills. #J-18808-Ljbffr Karthik Consulting

Job Tags

Similar Jobs