SME Information Security Analyst

About The Position

Requirements

• Bachelor's degree in STEM field (preference given to fields related to a core area of FIRB cybersecurity and technology interest), OR at least 10 years of work experience in cybersecurity controls/system implementation and/or cybersecurity auditing and compliance may substitute for the bachelor's degree
• At least 8 years of work experience in cybersecurity controls/system implementation and/or cybersecurity auditing and compliance, or other related fields
• Must have and maintain at least one active (in good standing) cybersecurity certification for which a test is required
• Widely recognized certifications such as the Certified Information Systems Security Professional (CISSP) may substitute for 1 year of work experience, depending on the level and relevance
• Demonstrated ability to conduct research and analysis in an area related to core FIRB area of cybersecurity and technology interest
• Demonstrated analytic writing and communication ability
• Mastery of and skill in applying cybersecurity and technology principles, concepts, methods, standards, and practices
• Proficient in Microsoft Office including Word, Access, Excel, and PowerPoint
• Proficient in use of intelligence research tools, such as Wirescreen, Pitchbook, or Sayari
• Possess TS/SCI clearance prior to starting work

Nice To Haves

• Advanced degree in cybersecurity, information security, computer science, or related field
• Multiple cybersecurity certifications (e.g., CISSP, CISM, CEH, GIAC certifications)
• Experience with CFIUS or Team Telecom case reviews
• Knowledge of critical infrastructure cybersecurity frameworks (NIST CSF, ICS/SCADA security)
• Experience with cybersecurity audit and compliance frameworks (ISO 27001, FedRAMP, FISMA)
• Experience working with federal agencies on national security cybersecurity matters
• Expertise in emerging cybersecurity threats and mitigation strategies

Responsibilities

• Serve as Subject Matter Expert (SME) for transactions for which the contractor has relevant technical expertise or experience
• Identify and describe vulnerabilities, consequences, and mitigations based on submitted applications and materials for active Team Telecom cases, differentiating between common and unique, novel, or complex risks in a manner that is clear, actionable, and representative of CISA and DHS equities
• Identify and describe vulnerabilities, consequences, and mitigations based on submitted materials for CFIUS cases, differentiating between common and unique, novel, or complex risks in a manner that is clear, actionable, and representative of CISA and DHS equities
• Assess the ability of Risk Based Assessments (RBA) to mitigate case risks and provide recommendations for RBA modifications if risk mitigation capability is found lacking
• Assess submitted case materials against best practices and industry standards for new applications and cases and for evidence of compliance with Letters of Agreement (LOAs) and National Security Agreements (NSA); generate recommendations for improvement
• Track and monitor transaction party compliance with established mitigation measures
• Review and assess audits and other assessment reports pertaining to cybersecurity and technology, such as cybersecurity audits
• Write materials that translate analytic insights into actionable recommendations
• Analyze and assess cybersecurity and technology risks in all FIRB matters
• Advise on any cybersecurity and technology questions related to risk and potential measures that could mitigate these risks
• Produce risk evaluations and appropriate mitigations for cases involving particularly novel or complex cybersecurity and technology questions
• Describe common vulnerabilities/risks and associated mitigations within cybersecurity and technology topics in core areas of interest to CISA
• Document descriptions of industry, cybersecurity, and technology trends in CISA FIRB's core areas of interest
• Identify potential, risk-informed strategies for mitigating and/or managing cybersecurity and technology risks associated with all FIRB matters
• Conduct activities required to assist FIRB in identifying, assessing, communicating, mitigating, or otherwise evaluating or describing any cybersecurity and technology questions
• Utilize classified information systems for review of intelligence products relevant to active cases
• Perform cybersecurity and technology focused research and analysis tasks
• Identify and describe key cybersecurity and technology topics, trends, and discussions and their relevance to or impact on CFIUS or Team Telecom case reviews
• Develop materials to communicate, educate, and document analytic work for subject matter experts and non-expert stakeholders
• Clearly document and communicate analysis in written products and oral briefings
• Represent CISA and NRMC and participate in Government meetings in coordination with FIRB federal employees
• Apply mastery of cybersecurity and technology principles, concepts, methods, standards, and practices to develop strategies for identifying short- and long-term national security risk from foreign investment
• Apply comprehensive knowledge of advanced and sensitive cybersecurity and technology topics underlying U.S. industrial, military, intelligence, critical infrastructure, and law enforcement sectors

Benefits

• Health (PPO & HDHP) Insurance
• Dental
• Vision
• STD & LTD
• Basic Life Insurance
• 401k Company Match
• & Voluntary Products