Cyber Risk & Compliance SME

About The Position

Requirements

• Master’s degree (MS/MA) in Cybersecurity, Information Technology, Computer Science, or a related field
• Minimum of 8+ years of relevant experience in cybersecurity, risk management, or assessment operations
• Strong knowledge of cybersecurity frameworks and standards (FISMA, NIST, OMB, etc.)
• Experience with risk assessments, vulnerability analysis, and security testing methodologies
• Ability to translate complex technical concepts into clear documentation and briefings
• Familiarity with security documentation development, including risk assessments, contingency plans, and test reports
• Strong analytical, problem-solving, and communication skills
• Ability to work independently and collaboratively in a fast-paced environment

Nice To Haves

• Experience supporting federal or highly regulated environments preferred
• CISSP, CISM, CISA, CEH, or other relevant industry certifications

Responsibilities

• Provide expert-level technical guidance and analysis to support cybersecurity and risk assessment initiatives, including supply chain risk management.
• Develop, enhance, and maintain standard operating procedures (SOPs) to support assessment execution and implementation.
• Conduct security assessments and hands-on testing, analyze results, document risks, and recommend appropriate countermeasures.
• Identify, evaluate, and report on system vulnerabilities, threats, and security gaps.
• Review and provide recommendations on program-level documentation, including: Requirements specifications, System architecture and design documents, Test plans and security plans.
• Develop and document security evaluation test plans and procedures.
• Support the development and implementation of information security policies, standards, and guidance.
• Ensure compliance with applicable frameworks and regulations (e.g., FISMA, NIST, OMB).
• Perform risk assessments, including analyzing threats, vulnerabilities, and potential impacts.
• Coordinate with cross-functional teams and stakeholders to support security testing and program objectives.
• Lead or participate in technical exchange meetings, documenting outcomes and action items.
• Prepare and deliver briefings to leadership on project status, risks, and key findings.
• Analyze and synthesize data from multiple sources to produce clear, actionable insights for both technical and non-technical audiences.
• Provide oversight for the design, development, and implementation of security support systems.
• Collaborate with stakeholders to map system functionality to security controls and compliance requirements.