Risk Assessor

SENIOR RISK ASSESSOR

MILITARY FRIENDLY & PREFERRED - HOH SPONSOR

The Senior Risk Assessor's role is to design, develop, engineer, and implement solutions. Perform complex risk analyses which also include risk assessment. This position will also establish and satisfy information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands. The Senior Risk Assessor will support customers at the highest levels in the development and implementation of doctrine and policies. This position will also apply know-how to government and commercial common user systems, as well as to dedicated special purpose systems requiring specialized security features and procedures.

Duties & Responsibilities:

• Assess all applicable security controls defined in the in the mandated DHS Compliance tool and applicable to the systems under their purview.
• Complete a FIPS-199, Privacy Threshold Analysis (PTS), E-Authorization, Contingency Plans (CPs), Contingency Plan Tests, Security Plans.
• Develop the SA Package documentation to include Security Assessment Plans (SAP), Security Assessment Reports (SAR), ATO Letters, ATO Recommendation Memo, Risk Assessment Memos, CFO Designation Memo, POA&M finding matrices, Executive Data Sheet (EDS), OA artifacts, etc.
• Gather evidence for ATO efforts and store results in the mandated DHS Compliance Tool and/or in a separate customer repository.
• Review for upgrades and provide recommendation on whether this will result in major or minor changes and overall cybersecurity impact and utilize tools for tracking of changes.
• Provide recommendations for refining and/or improving existing RMF processes and procedures and support implementation of these changes.
• In view of the remote nature of the contract, an individual Weekly Status Report and Weekly Status Reports Briefing are it is required deliverables for tasks assigned. The resources must have the ability to effectively develop weekly status reports, that are consistent, well structured, answer to all the assigned management templates guidelines, are in alignment with the task area of support, and are relevant to the reporting period. At a minimum the weekly status report should reflect the following:
  • Weekly work accomplished
  • 2 weeks of ongoing and planned tasks
  • Risks, and issues impacting tasks assigned.
• The report format will be primarily MS PowerPoint and MS Project (or other MS tools as required by the management team).
• All Deliverables shall be at a level of accuracy that does not require "return for correction" for typographical and grammatical errors. (Repetitive requests for correction by the management or Government team may result in a determination of failing to meet the basic standards for professional writing, reporting, accuracy, quality, and completeness of the contractual requirements for deliverables.)
• Must have the ability to prepare to present, brief, and explain; all information captured in weekly status report to management and/or government client.
• Analyze IT specifications to assess security risks. Design and implement safety measures and data recover plans. Secure networks.
• Inspect customers systems for vulnerable points of access. Monitor network activities and communicate them to teams.

Required Qualifications:

• Knowledge of NIST Guidelines and FISMA Cybersecurity compliance requirements technical knowledge of IT systems.
• Knowledge of and experience using relevant cybersecurity and analysis tools such as Archer, Nessus Security Center, Splunk, etc.
• Experience communicating effectively, both oral and written, with technical, non-technical, and executive-level customers.

Basic Qualifications:

• Proven experience as a Computer Security Specialist.
• Programming skills are preferred.
• Familiarity with security frameworks e.g., NIST Cybersecurity framework and risk management methodologies.
• Knowledge of patch management, firewalls and intrusion detection/prevention systems.
• Familiarity with public key infrastructure (PKI) and cryptographic protocols e.g. SSL/ TLS.
• An analytical mind with excellent problem-solving ability.
• Outstanding communication and organization skills.
• Decision-making skills.

Education: Bachelor preferable but professional experience is Permitted:

• 7 years minimum of IT Cybersecurity experience including direct support of the US government and 4 years acting as an ISSO, assessor, or compliance analyst OR
• A relevant bachelor's degree in IT, Computer Science or engineering with 5 years of IT cybersecurity experience including direct support for the US Government and 4 years acting as an ISSO, assessor, or compliance analyst

Certifications and Training (Required): At least one of the following security certifications:

• Certified Authorization Professional (CAP)
• Certified Information Systems Security Officer (CISSO)
• Certified Information Security Manager (CISM)
• Certified Information Systems Security Professional (CISSP)

Clearance level:

• Must have at least a Secret Level Security Clearance.

Work Location: Remote

Business Hours: 8:00 am EST - 4:30 pm EST.