ASSYST a CMMI Level 3 Company
Cybersecurity Risk Advisor Information Technology Baltimore, MD
ASSYST a CMMI Level 3 Company, Baltimore, Maryland, United States, 21276
ASSYST's
Information Assurance and Cyber Security Practice is seeking a Cybersecurity Risk Advisor to support our Federal Project. The Cyber Security Risk Advisor will be responsible for evaluating, maintaining, and communicating the risk posture of each FISMA system to executive leadership and making risk-based recommendations. They will act as the subject matter expert in all areas of the Risk Management Framework (RMF) and provide guidance to stakeholders on required actions, strategies, and best practices for closure of identified weaknesses.
Responsibilities:
Support stakeholders in ensuring that all requirements specified by the Acceptable Risk Safeguards and the procedures and standards of the risk management framework are implemented and enforced
Ensure information security and privacy testing is performed throughout the SDLC as appropriate, and results are considered during the development phase of the SDLC
Monitor system security posture by reviewing all proposed information security and privacy artifacts to provide recommendations to the ISSO
Provide guidance to stakeholders on required actions, strategies, and best practices for closure of identified weaknesses
Serve as the authority to approve selected system configuration deviations from the required baseline
Coordinate with the point of contact, including ISSO, for each FISMA system or collection of Personally Identifiable Information (PII)/Protected Health Information (PHI) to identify the types of information processed, assign appropriate security categorizations to information systems, ensure legal authority for activities involving PII/PHI.
Determine privacy impacts and manage information security and privacy risk
Job Requirements
Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related field
CISSP, CISM, or other relevant certifications preferred
6+ years of professional experience developing and implementing information security/assurance programs, policies, processes, and procedures per various security frameworks/laws/standards/directives, e.g. FISMA; OMB directives; Presidential Directives; NIST (SP-800 series; FIPS); HIPAA of 1996; Privacy Act
Comprehensive knowledge of the FISMA, HIPAA laws and Privacy Act of 1974
In-depth knowledge of the NIST SP 800 series documents, especially 800-34, 37,39 47, 53, 53A, 60, 63, 64, 137 and FIPS 140, 199, 200 and 201
In-depth knowledge of the 800-53 security control requirements and standard methods for implementing them
Practical knowledge of IT System contingency planning
Understanding of risk assessment and risk management concepts
Good understanding of continuous monitoring and continuous authorization concepts
Good understanding of the protection of PII and PIA concepts
Expert use of MS Office, especially Word, PowerPoint, and Outlook
Excellent communication and interpersonal skills
Ability to work effectively with executive leadership and stakeholders from diverse backgrounds
Strong problem-solving and analytical skills
ASSYST Benefits
: We are proud to offer a robust benefits package including medical, dental, vision, 401(k) retirement plan, disability insurance, flexible spending accounts and more in order for our employees to maintain a secure work/life balance.
ASSYST is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, disability, military status, national origin or any other characteristic protected under federal, state, or applicable local law.#J-18808-Ljbffr
Information Assurance and Cyber Security Practice is seeking a Cybersecurity Risk Advisor to support our Federal Project. The Cyber Security Risk Advisor will be responsible for evaluating, maintaining, and communicating the risk posture of each FISMA system to executive leadership and making risk-based recommendations. They will act as the subject matter expert in all areas of the Risk Management Framework (RMF) and provide guidance to stakeholders on required actions, strategies, and best practices for closure of identified weaknesses.
Responsibilities:
Support stakeholders in ensuring that all requirements specified by the Acceptable Risk Safeguards and the procedures and standards of the risk management framework are implemented and enforced
Ensure information security and privacy testing is performed throughout the SDLC as appropriate, and results are considered during the development phase of the SDLC
Monitor system security posture by reviewing all proposed information security and privacy artifacts to provide recommendations to the ISSO
Provide guidance to stakeholders on required actions, strategies, and best practices for closure of identified weaknesses
Serve as the authority to approve selected system configuration deviations from the required baseline
Coordinate with the point of contact, including ISSO, for each FISMA system or collection of Personally Identifiable Information (PII)/Protected Health Information (PHI) to identify the types of information processed, assign appropriate security categorizations to information systems, ensure legal authority for activities involving PII/PHI.
Determine privacy impacts and manage information security and privacy risk
Job Requirements
Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related field
CISSP, CISM, or other relevant certifications preferred
6+ years of professional experience developing and implementing information security/assurance programs, policies, processes, and procedures per various security frameworks/laws/standards/directives, e.g. FISMA; OMB directives; Presidential Directives; NIST (SP-800 series; FIPS); HIPAA of 1996; Privacy Act
Comprehensive knowledge of the FISMA, HIPAA laws and Privacy Act of 1974
In-depth knowledge of the NIST SP 800 series documents, especially 800-34, 37,39 47, 53, 53A, 60, 63, 64, 137 and FIPS 140, 199, 200 and 201
In-depth knowledge of the 800-53 security control requirements and standard methods for implementing them
Practical knowledge of IT System contingency planning
Understanding of risk assessment and risk management concepts
Good understanding of continuous monitoring and continuous authorization concepts
Good understanding of the protection of PII and PIA concepts
Expert use of MS Office, especially Word, PowerPoint, and Outlook
Excellent communication and interpersonal skills
Ability to work effectively with executive leadership and stakeholders from diverse backgrounds
Strong problem-solving and analytical skills
ASSYST Benefits
: We are proud to offer a robust benefits package including medical, dental, vision, 401(k) retirement plan, disability insurance, flexible spending accounts and more in order for our employees to maintain a secure work/life balance.
ASSYST is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, disability, military status, national origin or any other characteristic protected under federal, state, or applicable local law.#J-18808-Ljbffr