ASSYST's Information Assurance and Cyber Security Practice is seeking a Cybersecurity Risk Advisor to support our Federal Project. The Cyber Security Risk Advisor will be responsible for evaluating, maintaining, and communicating the risk posture of each FISMA system to executive leadership and making risk-based recommendations. They will act as the subject matter expert in all areas of the Risk Management Framework (RMF) and provide guidance to stakeholders on required actions, strategies, and best practices for closure of identified weaknesses.
Responsibilities:
- Support stakeholders in ensuring that all requirements specified by the Acceptable Risk Safeguards and the procedures and standards of the risk management framework are implemented and enforced
- Ensure information security and privacy testing is performed throughout the SDLC as appropriate, and results are considered during the development phase of the SDLC
- Monitor system security posture by reviewing all proposed information security and privacy artifacts to provide recommendations to the ISSO
- Provide guidance to stakeholders on required actions, strategies, and best practices for closure of identified weaknesses
- Serve as the authority to approve selected system configuration deviations from the required baseline
- Coordinate with the point of contact, including ISSO, for each FISMA system or collection of Personally Identifiable Information (PII)/Protected Health Information (PHI) to identify the types of information processed, assign appropriate security categorizations to information systems, ensure legal authority for activities involving PII/PHI.
- Determine privacy impacts and manage information security and privacy risk
Job Requirements
- Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related field
- CISSP, CISM, or other relevant certifications preferred
- 6+ years of professional experience developing and implementing information security/assurance programs, policies, processes, and procedures per various security frameworks/laws/standards/directives, e.g. FISMA; OMB directives; Presidential Directives; NIST (SP-800 series; FIPS); HIPAA of 1996; Privacy Act
- Comprehensive knowledge of the FISMA, HIPAA laws and Privacy Act of 1974
- In-depth knowledge of the NIST SP 800 series documents, especially 800-34, 37,39 47, 53, 53A, 60, 63, 64, 137 and FIPS 140, 199, 200 and 201
- In-depth knowledge of the 800-53 security control requirements and standard methods for implementing them
- Practical knowledge of IT System contingency planning
- Understanding of risk assessment and risk management concepts
- Good understanding of continuous monitoring and continuous authorization concepts
- Good understanding of the protection of PII and PIA concepts
- Expert use of MS Office, especially Word, PowerPoint, and Outlook
- Excellent communication and interpersonal skills
- Ability to work effectively with executive leadership and stakeholders from diverse backgrounds
- Strong problem-solving and analytical skills
ASSYST Benefits: We are proud to offer a robust benefits package including medical, dental, vision, 401(k) retirement plan, disability insurance, flexible spending accounts and more in order for our employees to maintain a secure work/life balance.
ASSYST is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, disability, military status, national origin or any other characteristic protected under federal, state, or applicable local law.