Cyber Risk Management Specialist

Steampunk-posted 3 months ago
McLean, VA
Resume
Match Score
Upload and Match ResumeTrack Jobs with Teal

The Cyber Risk Management Specialist (CRMS) will specialize in in-depth knowledge of the program's cyber security hygiene, DevSecOps, Risk Management Framework (RMF), Assessment and Authorization (A&A), Federal Risk and Authorization Management Program (FedRAMP) compliance, continuous ATO (cATO) and continuous monitoring. A solid grasp on confidentiality, integrity, and availability (CIA) security concepts is required. The candidate will be responsible for the technical implementation and enforcement of security hardening, vulnerability management, scan analysis, data analysis for metrics reporting, cloud environments, compliance with Federal regulation and policy, and commercial best practices relating to cyber security. The candidate must have the ability to be flexible and adaptive to a fast-paced, fluid business environment.

  • Integrate security into DevOps effectively at every stage of the software development life cycle (SDLC).
  • Identify security holes and potential breaches, work through multifaceted security issues, and create effective solutions based on understanding of risk posture and treatments.
  • Develop and implement tactical strategies for seamless automation to optimize the IT infrastructure.
  • Apply specialized knowledge of financial audit standards, classified system IA requirements, and Privacy Act requirements.
  • Implement the NIST Special Publication (SP) 800 family of publications, particularly those associated with the Risk Management Framework.
  • Evaluate system, network, or infrastructure security controls against requirements such as FISMA, FIPS, and NIST guidelines.
  • Apply in-depth, hands-on knowledge of the FedRAMP regulations, process, and requirements to lead project and initiative teams in accrediting cloud products and services.
  • Support external audits, data calls, and the Authorization to Operate (ATO) process by coordinating with organization system owners, engineers, CSP’s and Third-Party Assessment Organizations (3PAO).
  • Positively impact the organization’s goals and operational mission through various forms of metric performance measuring tools used to evaluate adherences to compliance.
  • Advise clients on FedRAMP requirements and provide security guidance on the implementation of security compliance controls per technical, management, and operational requirements.
  • Implement, monitor, and assess NIST SP 800-53 security controls for cloud environments to ensure compliance with FedRAMP requirements and governance models.
  • Ensure ongoing compliance with FedRAMP policy and requirements through monthly deliverables, regular vulnerability scanning, penetration testing, contingency testing, and annual security assessments performed by a 3PAO.
  • Support ATO, cATO, and continuous monitoring activities to include security documentation, audit log, security incidents, and risk assessment.
  • Review and manage Plan of Action & Milestones (POA&M), to include remediation tracking and reporting.
  • Ability to obtain a U.S. government Security Clearance.
  • Master's Degree and 1 year of relevant experience; OR Bachelor's Degree and 3 years of relevant experience; OR No degree and 8 years of relevant experience.
  • Possesses at least one professional certification relevant to the technical service provided. Maintain a certification relevant to the product being deployed and/or maintained.
  • Experience in FISMA, cloud cybersecurity architecture, compliance with Federal regulation and policy, and commercial best practices relating to cloud security.
  • Experience in Information Security processes to include RMF, FedRAMP, Compliance, Continuous Monitoring, and Annual Assessments.
  • Certifications in one or more of the following: CISSP, CRICS, CCSP, CAP/CGRC.
  • Certifications in one or more of the following: AWS Certified Solutions Architect, AWS Certified Security, Microsoft Certified Solutions Architect, MCSE Cloud Platform and Infrastructure.
  • Experience conducting assessments in a 3PAO, C3PAO, or risk auditing organization is desirable, but not required.
  • Experience supporting systems in Agile environments.
Track Jobs with Teal

Job Search Resources

Resume Builder
Resume Examples
Cover Letter Examples

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service