Enterprise Cybersecurity Risk Management and Compliance Lead
2 months ago
Role:
Enterprise Cybersecurity Risk Management and Compliance Lead
About Rigil
Rigil is an award-winning, woman-owned, small business that specializes in technology consulting, strategy consulting and product development. We value teamwork and strive to build strong leaders.
Location:
Springfield, VA 22150
Job Type:
Full Time
Job Description:
The area of responsibility for the lead includes, but is not limited to: FISMA Inventory Management; Enterprise Common Controls Program; Enterprise Cybersecurity Governance, Risk, and Compliance Support; DHS Cybersecurity Governance – Policy, Procedures, Guidance, Templates Management; Security Authorization; POA&M Oversight.
The lead is responsible for monitoring the performance of staff and the quality of deliverables for the assigned task area.
FISMA Inventory Management:
Strengthen data quality through increased automation in the Department's system of record, customization of additional agency-defined data items, and improved workflows.
Provide maintenance, development, support, recommendations for old and new initiatives pertaining to FISMA Inventory using efficient, new, cost-effective processes and technologies of the DHS FISMA Compliance Tool and front-end applications.
Lead in automation and development of all stages of Inventory Workflow Process (i.e., the Inventory Change Request (ICR), reporting, and all approval process in current and new platforms).
Develop, maintain, and update policies and standard operating procedures for all inventory tasks and reporting. Keep up-to-date internal SOP/documentation of all Inventory processes in Microsoft Teams or any other applications in use (shared folders/drives, SharePoint, etc.) as specified by the Federal Lead.
Plan, host, and coordinate Component Inventory Quarterly Discovery Meetings to obtain general organizational information and updates, additions, or modifications to the Component FISMA Inventory for the purpose of system discovery.
Conduct reviews, maintain, and update the FISMA Inventory to ensure that all system categorizations and data align with all data sources.
Capture and maintain a list of third-party systems and External Information Systems (EIS) that process or store DHS data in accordance with OMB directives.
Ensure that all EISs are captured in the DHS FISMA Compliance Tool and adhere to requirements set forth by the DHS FISMA System Inventory Methodology and any other relevant policies.
Generate and automate monthly and quarterly reports pertaining to FISMA Inventory, including but not limited to the Monthly Inventory Report for the Enterprise Cybersecurity Governance Division, Component monthly reports, and Special Designation Reports such as Cloud, Financial, High-Value Assets (HVA), and Mission Essential systems.
Prepare documentation such as the inventory breakdown per Component, Component brief, and report schedules, executive summary reports for each DHS Component before and after Component Inventory Quarterly Discovery Meetings.
Ensure the proper forms and supporting documentation are submitted via the correct workflow, with the appropriate signatures (i.e., CISO, CFO, etc.) to track/manage inventory changes and Federal approvals (i.e., Compliance Designees, Capital Planning and Investment Control (CPIC) Admin Team, FISMA Inventory Management Team, etc.) before requests are processed in the DHS FISMA Compliance Tool.
Process daily ICRs from DHS components and maintain the FISMA Inventory Mailbox. Research and provide responses to customer(s) on ICRs processed. Respond to all ServiceDesk and direct inquiries related to FISMA Inventory. Ensure that all requests are completed each month. Create/automate Monthly ICR Report and include ICR metrics in the Monthly Inventory Report for the Enterprise Cybersecurity Governance Division. Create/update Inventory Process and Training PowerPoint Slides presentation as needed. Routinely update the DHS FISMA Inventory Change Request Form and DHS ICR How-To Instruction. Support and collaborate on general annual policy updates and process changes. Provide responses in support of audits related to cybersecurity. Coordinate and follow up with Subject Matter Experts (SMEs) to generate responses, update, finalize, and submit cybersecurity reports. Gather responses, review/validate responses with SMEs, compile the report, and brief CISOD management.
Prepare various reports and executive summaries, talking points, and PowerPoint slide decks for briefing to CISO and CIO as required by CFO, OMB, and other executive directives.
Provide support to the Federal Lead in all aspects of the FISMA Inventory Program. Maintain and update the DHS FISMA System Inventory Methodology. Recommend and implement improvements to the Methodology as approved by the Federal Lead. Maintain and update FISMA Inventory and the back-end databases. Provide information/feedback for any updates to the ServiceNow Application contents as needed/required. Integrate current databases and application/tools, upgrade, and migrate data to new tools. Provide support to the system boundary consolidation effort. Perform routine Inventory Management Support. Assist with the collection, coordination, consolidation, and analysis of data calls as needed by the Federal government. Provide developers with clear guidance regarding necessary changes and updates to the authorized application or platform. Supply a ServiceNow Developer to perform day-to-day upkeep and maintenance of ServiceNow, make necessary modifications, apply fixes to the back-end of the portal where applicable, and add new features and functionalities according to customer-provided priority.
Enterprise Common Controls Program:
Provide oversight of all common control providers. Ensure that testing of common controls is being conducted in accordance with the Risk Management Framework and 4300 policy.
Conduct annual reviews of Common Control Providers and Programs. Host the DHS Common Controls Working Group quarterly. Support and maintain the Common Control Implementation Guide, Common Controls Methodology, and training materials. Conduct formal Common Controls DHS-wide compliance training to HQ components at least bi-annually. Provide monthly reporting on Common Control Providers and Programs.
Review Control Implementation Statements in Component Programs for at least 3 providers each month (Validate that Programs are not providing system level implementations or provide justification).
Review, track, and report on all Program POA&Ms. Review Control Inheritance in consuming Systems for at least 3 systems per month. Review/Track all providing systems for completion of annual assessments in the DHS FISMA Compliance Tool.
Enterprise Cybersecurity Governance, Risk, and Compliance Support:
Develops and maintains Department level cybersecurity policies that govern the implementation of the DHS Information Technology cybersecurity program.
Risk Management and Governance establishes and implements standards and frameworks for identifying and managing FISMA and FedRAMP compliance, cybersecurity risks, and information system inventory across the Department.
DHS Cybersecurity Governance:
Serve as an advisor to DHS Enterprise Cybersecurity Governance (ECG) Division personnel who represent DHS to external Government Agencies and Cybersecurity forums and discussions, as they relate to DHS Enterprise compliance activities.
Develop Department-wide cybersecurity policies and standards based on DHS Strategies and frameworks, including the Cybersecurity Framework, Risk Management Framework (RMF), NIST Artificial Intelligence (AI) RMF, Machine Learning, Robotic Processing Automation, SELC, Secure Development and IT Operations, and the Cybersecurity Acquisition Lifecycle (Cyber ALF), Internet of Things and Operational Technology (IoT/OT).
Conduct research on newly released Presidential Executive Orders (EOs) and OMB Memos being issued. Review current DHS policies and procedures, and provide DHS Fed Leads with recommendations on meeting requirements identified in the memos, EOs, or both.
Coordinate across DHS Offices, Lines of Businesses, and Components to develop and maintain requirements for system security documentation for enterprise IT infrastructures, platforms, hardware, and software.
Provide responses in support of audits related to cybersecurity. Coordinate and follow up with SMEs to generate responses, update, finalize, and submit cybersecurity reports. Gather the responses, review/validate responses with SMEs, compile the report, and brief CISOD management.
Prepare various reports and executive summaries, talking points, and PowerPoint slide decks for briefing to CISO and CIO as required by CFO, OMB, FNR, and other executive directives.
Develop and oversee the process, procedures, work instructions, and documentation (i.e., templates) to support the DHS Cybersecurity Risk Management Framework (RMF) functional areas for the Department.
Policy, Procedures, Guidance, Templates Management:
Identify improvements and propose updates for the DHS 4300 Policy series, policy attachments, memos, and any other directives impacting the agency's cybersecurity posture.
Provide recommendations for policy updates for areas applicable to Security Authorization, POA&M and Management known and identified findings, Ongoing Authorization, and Document Review.
Maintain, update, or revamp the SA Guides, DR Methodologies and checklists, and Templates (FIPS199 workbook, E-Authentication, Security Assessment Report (SAR), Security Assessment Plan (SAP), Risk Assessment (RA), Configuration Management (CM), Contingency Plan (CP)/CP Test, Business Impact Analysis (BIA), etc.).
Develop and oversee the process, procedures, work instructions, and documentation (i.e., templates) to support the DHS Cybersecurity Risk Management Framework (RMF) functional areas for the Department.
Perform gap analysis, recommend efficiencies, streamline, modernize, automate, standardize, and document cybersecurity processes (including but not limited to: Security Authorization, Risk Management, Ongoing Authorization, Continuous Monitoring, Weakness Management, Document Review) and methodologies to be employed across HQ components. Develop, update, and maintain internal Standard Operating Procedures for executing the system compliance review methodology.
Ensure that documents reviewed are complete and up to date with OMB, Federal Information Security Management Act (FISMA) reporting requirements, and DHS Information System Security Plan (ISPP).
General (Reporting, Planning, and Maintaining): Provide situational awareness of cybersecurity risks in support of the Department's IT governance and enterprise risk management activities.
Introduce efficiencies to cybersecurity programs across DHS (e.g., integration of GenAI or other AI/ML technologies). Coordinate and follow up with SMEs to generate responses, update, finalize, and submit cybersecurity reports. Gather, review, and validate responses with SMEs, compile the report, and brief CISOD management. Collaborate with other teams to ensure that cybersecurity processes are effectively maintained and tracked.
Conduct research on cyber threats, assess the protections in place to mitigate cyber threats, determine and document risks to DHS assets in a corresponding Risk Assessment Report.
Support and provide responses for internal or external audit inquiries, including FISMA evaluations, Financial Internal Control audits, and audit requests from the General Accountability Office (GAO) or Office of the Inspector General.
Develop dashboards and reports for executive or managerial briefings for enterprise governance and compliance-related matters. Provide support to Fed Leads by attending meetings/working groups that impact cybersecurity risk, governance, and compliance for DHS. Conduct and deliver Risk Assessment Reports, determining overall risk profile, gaps in meeting or adhering to FedRAMP requirements, threats, impact, and likelihood of a security compromise.
Identify and recommend compensating measures to mitigate risks to an acceptable level. Maintain logs of all review activities and develop and recommend metrics to improve the overall Department's information security posture and performance.
Security Authorization:
Research and identify efficiencies to mature the DHS security authorization (SA) process and develop recommendations to implement solutions into the current SA process, including traditional Authority to Operate (ATO), Ongoing Authorization, ATO with conditions, FedRAMP authorizations, Reciprocity, etc.
Standardize the Security Authorization and Risk Management process to follow an agile, streamlined security authorization model characterized by efficient processes and delivering value, visibility, and adaptability to the organization.
Perform document review (DR) and validate that SA documents submitted for SA meet DHS standards, including initial authorizations, reauthorizations, ongoing authorization, and any other type of SA processes defined within DHS. Conduct SA document quality reviews and assess completeness based on established criteria and DHS quality standards, ensuring that applicable DHS and NIST controls have been properly documented.
Documents, artifacts, and implementations to be reviewed include, but are not limited to, Security Assessment Plan, Security Assessment Report, System Security Plan, Plan of Actions and Milestones, Business Impact Assessments (BIA), Contingency Plans (CP), Contingency Plan Testing (CPT).
Develop, maintain, and update the document review methodology and annual review criteria as required, including recommendations on the scope and process of the reviews.
Provide weekly/monthly/quarterly/annual/ad hoc reports on the DR reviews conducted and issues resolved or outstanding, meeting minutes, user feedback, and propose process improvements to Federal DR Team Lead.
Collaborate with Component and system personnel to address SA document reviews, questions, and issues identified. Provide system security expertise to assist ISSOs and system stakeholders with the development and maintenance of system security documentation. Review, track, and distribute weekly/monthly reports on CP/CPTs expired, expiring in 30 days, and expiring in 60 days for HQ components.
Also, track and report Privacy documents that are expired or expiring monthly to DHS Components. Provide customer service support to DHS HQ components by responding to DHS Helpdesk tickets that pertain to DR and SA-related activities.
Oversight of Enterprise Plan of Actions and Milestones (POA&Ms) Program:
Manage and maintain the Department's official repository for POA&M to address weaknesses disclosed by FISMA evaluations, Financial Internal Control audits, security control assessments, and Continuous Monitoring activities. Develop, maintain, and update POA&M operating procedures to review POA&M weakness remediation activity for effectiveness and quality.
Develop strategies for evaluating overall Department and Component risks associated with outstanding weaknesses.
Conduct weekly POA&M monitoring and review to ensure mitigation due dates do not expire, and work with DHS Component representatives to ensure POA&M accuracy and timely closures.
Artificial Intelligence/Machine Learning:
Develop and manage cybersecurity training materials and resources to provide guidance regarding the implementation and use of various AI/ML technologies (e.g., GenAI) across DHS environments.
Work with Fed Lead and other DHS offices to identify, develop, and plan for the integration of AI/ML technologies within DHS environments.
Perform evaluations of AI/ML technologies to determine how the tools can be safely utilized by DHS personnel. Prepare risk recommendation packages (e.g., risk assessment, tools evaluation, decision memo, etc.) for review by management and leadership.
Training Program:
Coordinate and collaborate with the Cybersecurity Awareness Training Branch to provide subject matter expertise on Federal and Department-wide cybersecurity policies and standards, strategies, and frameworks to include the Cybersecurity Risk Management Framework (RMF), NIST Artificial Intelligence (AI) RMF, Machine Learning, Robotic Processing Automation, SELC, Security Development Operations (SecDevOps), and the Cybersecurity Acquisition Lifecycle (Cyber ALF).
Minimum Qualifications:
Bachelor's Degree in Computer Science or related field. Minimum 10 years of relevant experience. Must currently hold an active SECRET clearance.
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.