Cyber Defense Solutions is seeking team members with strong cybersecurity skills in the areas of security assessments, continuous monitoring, and privacy program support for a financial services sector client. The qualified candidate will perform security and privacy compliance work and consult this client on emerging programs such as the Risk Management Framework and Continuous Diagnostics and Mitigation (CDM).
Location: Washington, DC
Salary: Dependent upon experience
Security Clearance: Public Trust
Available: within 30 days
Serve as the Team Lead overseeing a team of IA specialists responsible for multiple security compliance activities, while also leading assessment activities and interfacing directly with key customer stakeholders:
- Assist in performing assessments, complete assessment plans, and create/update System Security Plans (SSPs) and Security Assessment Reports (SARs).
- Coordinate, facilitate, and assist in key meetings with the customer, which may include up to 20 stakeholders.
- Help complete client deliverables within strict project timelines and show the ability to wisely manage time and multiple assessments and assignments at once.
- Perform quality evaluations of information system security controls in accordance with NIST 800-53, 800-137.
- Work with the customer and the system and application teams to resolve issues, answer questions, and collect evidence related to the assessment of security controls.
- Participate in Continuous Monitoring initiatives which may include: Standard Operating Procedure updates, template updates, training content updates, and development of scripts for calls and test cases for assessments.
Experience with the following:
- Security Assessment and Authorization (SA&A) activities
- Plan of Action and Milestones (POA&M) management
- Risk Management Framework (RMF) implementation
- Continuous Monitoring planning and implementation
- Privacy Threshold Assessment/Privacy Impact Assessment development
- System Security Lifecycle Support
- Privacy Program Support/Privacy Controls Implementation
One of the following:
CISSP, CISM, CISA
Experience securing Industrial Control Systems (ICS) / Supervisory Control and Data Acquisition (SCADA) systems is a plus.