Cybersecurity specialist
REMOTE
(U.S. Citizens preferred)
The ideal candidate will need to:
- Possess working-level expertise with the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) and the NIST 800-53 series of control families and approaches.
- Perform detailed analysis and a cyber risk assessment of Cloud Service Providers (CSPs). Engage vendors to review controls, certifications, and risks in support of the associated business need and the laboratory’s risk tolerance.
- Partner with the CSPO in the implementation of the new Laboratory Governance, Risk and Compliance (GRC) tool, Talatek TiGRIS.
- Partner with others from within the CSPO team and Laboratory IT environment to perform risk-based assessments of NIST 800-53 control validation and gap analysis.
- Collaborate with the CSPO to present the outcomes of risk analysis work to the CSPO and other lab audiences (IT admins, Deputy CIO, CISO).
- Maintain assessments and assessment results in the GRC tool, TiGRIS.
The ideal candidate would have: a fundamental understanding of IT risk management and the NIST 800 series framework; experience working in a government environment; experience working closely with cybersecurity leadership and peers, along with IT system/process owners, to capture artifacts for control testing; technical understanding of systems and technologies to inform audits and assessments; and the ability to translate results into business-oriented, task-focused presentations.
Objectives
The ideal candidate will support the projects and tasks associated with Cybersecurity Risk Assessment and Compliance.
Expectation/Deliverables:
- Assist in the management of Lab-Vendor risk assessments throughout the engagement.
- This includes analysis and a cyber risk assessment of Cloud Service Providers (CSPs) (vendors).
- Regularly engage with vendors to review controls, certifications, and risks.
- As necessary, work various Governance, Risk and Compliance (GRC) projects using the GRC tool, Talatek TiGRIS.
- This includes various risk-based assessments of NIST 800-53 control validation and gap analysis.
- Present the outcomes of risk analysis work to the CSPO and other lab audiences, as needed.
- Maintain assessments and assessment results in the GRC tool, TiGRIS, as necessary.
Deliverables include assessment process documents and assessment report management, updates in TiGRIS, and communication via e-mail, Teams, etc.
Qualifications:
- Considerable knowledge of the NIST 800 series framework.
- Considerable knowledge of risk management.
- Considerable knowledge of and experience in assessing controls.
- Knowledge of industry-standard and organizationally accepted analysis principles and methods.
- Experience working with Governance, Risk and Compliance (GRC) systems.
- Experience presenting reports and outcomes to leadership, tracking to closure, and creating buy-in to risk management.
- Experience and skill in conducting audits or reviews of technical systems.
- Experience with Risk Management Framework (RMF) requirements.
- Experience assessing vendor risk.
- Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system.
- Ability to skillfully communicate through various methods.
- Ability to work autonomously with appropriate guidance.
- Experience working in a government environment.
- Experience working in a distributed IT environment.
- Basic knowledge of cyber security concepts.
- Working knowledge of networking administration.
- Working knowledge of system administration.
- Excellent communication and technical skills.
- Ability to obtain an HSPD-12 card for use in two-factor authentication.
- Able to work both independently and as a contributing member of a small technical team.
- Able to effectively interact with user organizations to validate controls.
- Able to disseminate knowledge to current staff.
Job Type: Contract
Experience:
- Risk Management: 7 years (Preferred)
- Cybersecurity: 7 years (Preferred)
- NIST standards: 7 years (Preferred)
Work Location: Remote