CRM Information Security Systems Officer

About The Position

Requirements

• Bachelors’ degree in Computer Science, Engineering, Information Technology, Cyber Security, or related field and 8 years of related experience. Additional years of experience and cyber certifications may be considered in lieu of degree.
• Familiar with the management, operational, and technical aspects of IT Security in a complex enterprise environment.
• Demonstrated knowledge of and experience with several of the following: current security tools; hardware/software security implementation; communication protocols; encryption techniques/tools.
• In-depth experience completing security evaluations of software systems or architectures to ensure they meet security requirements.
• In-depth experience proposing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies, preferably on a large software or IT program.
• Must be able to obtain and maintain a Public Trust clearance specific to this customer.

Nice To Haves

• Experience in reviewing results from Operating system, application and Database scans.
• Experience in vulnerability reviewing, analysis and management.
• Preferred certifications: CAP, CISM, CISSP, CISA, CASP, CEH, GCED, CRISC, Sec +

Responsibilities

• Conduct risk assessment of CBP systems including data gathering, research, and coordination.
• Analyze of control applicability and implementation statuses for enterprise risk assessments.
• Integrate the NIST Cybersecurity Framework (CSF) in NIST 800-53 controls analysis.
• Conduct analysis on the effectiveness of POA&M management when conducting risk assessments.
• Analyze MITRE Tactics and Techniques for CBP’s CTI Threat Actors and additional threat actors targeting system.
• Prioritize system assets based on impact levels.
• Identify Response activities, including Contingency Plan, data backups, alternate processing sites, etc.
• Prioritize recommendations to mitigate risk levels.
• Apply knowledge of the Risk Management Framework (RMF) and the System Development Life Cycle (SDLC) to daily activities.
• Analyze SSPs, Risk Assessment Reports or security related documentation.
• Formulate security compliance requirements for systems.
• Identify security issues when reviewing security documents.
• Utilize CBP’s intelligence/security tools to capture data points for Risk Assessments: Axonius, CrowdStrike, Swimlane, CSAM, Splunk, ARM (Active Risk Manager), Digital Guardian, Recorded Future.
• Support CBP Component - Cybersecurity Acquisition Risk Management (C-CARM) in establishing an effective security infrastructure by ensuring CBP program cybersecurity threats and risks are identified, assessed, and documented throughout the acquisition lifecycle.
• Monitor Body of Evidence (BoE) for each Acquisition Decision Event (ADE) and actively communicate concerns to promote programs milestone success.
• Organize and secure program BoE by regulation of Teams channel.
• Communicate between Programs and cybersecurity risk assessment functionaries.
• Support C-CARM in guiding programs on the methodology and sequence for consistent and concise Threat Assessment.
• Ensure the C-CARM SOP is up-to-date and consistent with current processes.
• Create various PowerPoint Presentation briefs for the respective Gov’t leads.

Benefits

• Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement.