Independent Risk Assessment Program Manager - McLean, United States - Steampunk

Steampunk

Verified Company

McLean, United States

3 weeks ago

Posted by:

Mark Lane

beBee recruiter

Description

Overview:

Steampunk is a proven, results-focused cybersecurity, management, and information technology services firm committed to support federal agencies that focus on protecting and defending our nation's homeland security, intelligence, and stability. In a rapidly changing threat landscape, we have the organizational agility, deep homeland security experience, cultural insight and multidisciplinary expertise to help our customers accomplish today's mission and anticipate tomorrow's demands, efficiently and cost-effectively.

Steampunk professionals work with our federal agency customers in the administration and oversight of large government programs and initiatives.

As a member of one of our DHS support teams, you will play an important role performing a wide array of security compliance and oversight tasks to successfully accredit and maintain accreditation of critical information systems.

Contributions:

As the
Independent Risk Assessment (SCA) Program Modernization Lead, you will play a pivotal role in modernizing and enhancing the risk assessment program for a large federal law enforcement agency, ensuring program and practices align with best practices and evolving industry standards.

You will be responsible for leading the transformation of our risk assessment methodologies and strategies.

As a Leader of one of our DHS support teams, you will play an important role performing a wide array of team leadership duties including:

Oversee the identification and assessment of risks across the organization, including conducting independent risk assessments.
Develop and execute a comprehensive strategy for modernizing the Independent Risk Assessment (SCA) program in alignment with evolving risk assessment practices and industry standards.
Assess the organization's existing IT security program, work products, and tools in relation to key agency mission, security goals, and objectives.
Continuously evaluate and enhance the SCA program to adapt to emerging threats and improve risk management effectiveness.
Integrate data analytics and modeling into risk assessments to enhance predictive capabilities and decisionmaking.
Ensure the SCA program aligns with regulatory requirements and industry standards, and proactively adapt to changes in these areas.
Develop and update policies, procedures, and guidelines related to risk assessment and management practices.
Develop, engineer and implement sustainable security testing solutions designed to address program gaps.
Assess and articulate risk in relation to mission/business objectives and processes.
Document evaluation of security processes and status in support of security authorization (also referred to as C&A or A&A) activities.

Qualifications:

Required Qualifications:

Possesses and applies expertise on multiple complex work assignments which are broad in nature, requiring originality and innovation in determining how to accomplish tasks.
U.S Citizen
Strong analytical and problemsolving skills, with the ability to assess complex risk issues.
Experience planning and leading major technology projects.
Evaluates performance results and recommends major changes affecting project growth and success.
Functions as a technical expert across multiple project assignments.
Must have 10 years of IT experience (inclusive of 5 year of Cybersecurity experience) if you hold a BS or Master's Degree in an IT field. Or, 12 years of IT experience (inclusive of 7 years of Cybersecurity experience) if you hold a BS in a nonIT field. Or, 15 years of IT experience (inclusive of 9 years of Cybersecurity experience) if you do not have a degree.
Must have an active, CISSP, CAP or CISA certification.

Preferred Qualifications:

Indepth knowledge of risk assessment methodologies, frameworks, and regulatory requirements.
Familiarity with one or more of DHS Directive 4300A, FIPS Pubs 199 & 200, and NIST Special Pubs 80030, 80037, 80039, 80053, 80060
Extensive experience as an Information System Security Officer (ISSO) or Information Security Engineer
Extensive experience in independent risk assessment program management, including modernization initiatives and compliance with risk management standards.
Experience with Vulnerability, Configuration, and Asset Management tools in support of Continuous Monitoring
Experience in developing and implementing risk management policies and practices.
Experience with POA&M management
Experience performing Security Authorization
Experience performing Risk Analysis and Assessment
Experience with XACTA or similar tool
Should be able to support a minimum of four of the areas listed:
Security Control Assessment
Security Code Analysis
Product Evaluation
Document Review and Security Technical Writing
Risk Assessment and Risk Management
Policy and Audit Services
5 or more years directly supporting security of IT systems

**Demonstrated capabilities perfo