Serve as the principal advisor to the information system owner (SO), ISSM, and CISO on all matters involving the security of assigned information systems.
Maintain detailed knowledge and expertise required to manage the security aspects of assigned information systems.
Ensure that the appropriate operational cybersecurity posture is maintained for assigned systems to provide confidentiality, integrity, and availability of information systems.
Complete and keep updated security documentation, such as the SIA, SSP, POA&M, Configuration Management Plan, and Vulnerability Reports.
Participate in planning and management of all phases of the Risk Management Framework (RMF) Security Assessment and Authorization (SAA) process.
Advise system owners on all matters involving the security of assigned IT systems.
Conduct continuous monitoring of implemented security controls to ensure that they are implemented correctly and operating as intended.
Assess the cybersecurity impact of changes to assigned IT systems and document findings in a security impact analysis (SIA) report.
Provide the required system access, information, and documentation to security assessment and audit teams.
Requirements
Strong working knowledge and familiarity with NIST publications and privacy frameworks.
Demonstrated understanding of cloud service models, hybrid models, financial applications, and mobile security technologies and tools.
Demonstrated experience supporting an industry risk management tool executing A&A activities.
Completed Bachelor’s degree from an accredited university in an IT-related field.
Ability to obtain a clearance or a Public Trust is preferred; however, all clearance levels and non-cleared applicants will also be considered.
One or more of the following certifications: CRISC, CISM, or CISSP is strongly preferred.
At minimum, 5+ years of hands-on work experience with ISSO duties: performing systems security assessments, preparing system security documentation, and/or performing security upgrades for live networks, desktop systems, servers, and enterprise databases leading to successful security authorization of such systems.
Tech Stack
Cloud
Cyber Security
Benefits
paid parental leave
flexible time off
certification and training reimbursement
digital mental health and wellbeing support memberships