RESPONSIBILITIES: The Client maintains ongoing awareness of Enterprise and Mission information systems, vulnerabilities, and threats to enhance mitigation solutions and risk decisions. This position will at times drive activities to target, assess, exploit and report risks and vulnerabilities of organization systems in order to provide senior decision makers with actionable data to make strategic investment decisions. Roles and responsibilities include but are not limited to:
Ensure assessment deliverables are developed in accordance with Sponsor standards and organizational policies and regulations.
Complete a high-level quality assurance review for all assessment products. Provide trend reporting to Sponsor concerning assessments that do not meet quality standards by identifying and communicating assessment areas of growth and gauging training deficiencies, innovating new products, processes, standards and/or significantly improving upon existing processes or practices.
Document and communicate lessons learned, processes and procedures, and other pertinent quality topics in appropriate formats.
Provide research, evaluation and implementation of relevant Information Security policies and guidance driving the targeting, assessment, & evaluation.
Plan, coordinate and participate in project management activities and any necessary control gate reviews to include assistance with technical exchange meetings and preparation of briefings/presentations with project teams.
Analyze workflows, design and develop methodologies to assist internal workflow management, including but not limited to: interactive forms (for example Word macros), manuals, processes/procedures, and information sheets.
Write analysis on relatively short notice and respond to data calls.
EDUCATION & EXPERIENCE:
Possess a minimum of 11 years of demonstrated relevant experience employing risk management methodologies, NIST, and/or CNSS guidance, vulnerability assessment scanning tools, network engineering, OR 8 years of demonstrated relevant experience and a Master’s Degree in a related IT field.
Strong Cyber and Cyber Risk technical knowledge and expertise in addition to familiarity with associated processes, standards and procedures.