Logo
ASSYST a CMMI Level 3 Company

Cybersecurity Risk Advisor Information Technology Baltimore, MD

ASSYST a CMMI Level 3 Company, Baltimore, Maryland, United States, 21276


ASSYST's

Information Assurance and Cyber Security Practice is seeking a Cybersecurity Risk Advisor to support our Federal Project. The Cyber Security Risk Advisor will be responsible for evaluating, maintaining, and communicating the risk posture of each FISMA system to executive leadership and making risk-based recommendations. They will act as the subject matter expert in all areas of the Risk Management Framework (RMF) and provide guidance to stakeholders on required actions, strategies, and best practices for closure of identified weaknesses.

Responsibilities:

Support stakeholders in ensuring that all requirements specified by the Acceptable Risk Safeguards and the procedures and standards of the risk management framework are implemented and enforced

Ensure information security and privacy testing is performed throughout the SDLC as appropriate, and results are considered during the development phase of the SDLC

Monitor system security posture by reviewing all proposed information security and privacy artifacts to provide recommendations to the ISSO

Provide guidance to stakeholders on required actions, strategies, and best practices for closure of identified weaknesses

Serve as the authority to approve selected system configuration deviations from the required baseline

Coordinate with the point of contact, including ISSO, for each FISMA system or collection of Personally Identifiable Information (PII)/Protected Health Information (PHI) to identify the types of information processed, assign appropriate security categorizations to information systems, ensure legal authority for activities involving PII/PHI.

Determine privacy impacts and manage information security and privacy risk

Job Requirements

Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related field

CISSP, CISM, or other relevant certifications preferred

6+ years of professional experience developing and implementing information security/assurance programs, policies, processes, and procedures per various security frameworks/laws/standards/directives, e.g. FISMA; OMB directives; Presidential Directives; NIST (SP-800 series; FIPS); HIPAA of 1996; Privacy Act

Comprehensive knowledge of the FISMA, HIPAA laws and Privacy Act of 1974

In-depth knowledge of the NIST SP 800 series documents, especially 800-34, 37,39 47, 53, 53A, 60, 63, 64, 137 and FIPS 140, 199, 200 and 201

In-depth knowledge of the 800-53 security control requirements and standard methods for implementing them

Practical knowledge of IT System contingency planning

Understanding of risk assessment and risk management concepts

Good understanding of continuous monitoring and continuous authorization concepts

Good understanding of the protection of PII and PIA concepts

Expert use of MS Office, especially Word, PowerPoint, and Outlook

Excellent communication and interpersonal skills

Ability to work effectively with executive leadership and stakeholders from diverse backgrounds

Strong problem-solving and analytical skills

ASSYST Benefits

: We are proud to offer a robust benefits package including medical, dental, vision, 401(k) retirement plan, disability insurance, flexible spending accounts and more in order for our employees to maintain a secure work/life balance.

ASSYST is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, disability, military status, national origin or any other characteristic protected under federal, state, or applicable local law.#J-18808-Ljbffr