Cybersecurity Risk Advisor (Mid Level)

About The Position

Requirements

• Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related field
• 6+ years of professional experience developing and implementing information security/assurance programs, policies, processes, and procedures per various security frameworks/laws/standards/directives, e.g. FISMA; OMB directives; Presidential Directives; NIST (SP-800 series; FIPS); HIPAA of 1996; Privacy Act
• Comprehensive knowledge of the FISMA, HIPAA laws and Privacy Act of 1974
• In-depth knowledge of the NIST SP 800 series documents, especially 800-34, 37,39 47, 53, 53A, 60, 63, 64, 137 and FIPS 140, 199, 200 and 201
• In-depth knowledge of the 800-53 security control requirements and standard methods for implementing them
• Practical knowledge of IT System contingency planning
• Understanding of risk assessment and risk management concepts
• Good understanding of continuous monitoring and continuous authorization concepts
• Good understanding of the protection of PII and PIA concepts
• Expert use of MS Office, especially Word, PowerPoint, and Outlook

Nice To Haves

• CISSP, CISM, or other relevant certifications preferred

Responsibilities

• Support stakeholders in ensuring that all requirements specified by the Acceptable Risk Safeguards and the procedures and standards of the risk management framework are implemented and enforced
• Ensure information security and privacy testing is performed throughout the SDLC as appropriate, and results are considered during the development phase of the SDLC
• Monitor system security posture by reviewing all proposed information security and privacy artifacts to provide recommendations to the ISSO
• Provide guidance to stakeholders on required actions, strategies, and best practices for closure of identified weaknesses
• Serve as the authority to approve selected system configuration deviations from the required baseline
• Coordinate with the point of contact, including ISSO, for each FISMA system or collection of Personally Identifiable Information (PII)/Protected Health Information (PHI) to identify the types of information processed, assign appropriate security categorizations to information systems, ensure legal authority for activities involving PII/PHI.
• Determine privacy impacts and manage information security and privacy risk

Benefits

• We are proud to offer a robust benefits package including medical, dental, vision, 401(k) retirement plan, disability insurance, flexible spending accounts and more in order for our employees to maintain a secure work/life balance.