
Cyber Risk and Compliance SME
Posted 1 hour ago

This is a fully remote position, open to applicants in District of Columbia, +1 more state.
• Offer expert-level technical advice and analysis to aid in cybersecurity and risk assessment efforts, encompassing supply chain risk management.
• Create, refine, and sustain standard operating procedures (SOPs) to facilitate the execution and implementation of assessments.
• Perform security evaluations and hands-on testing, interpret results, document risks, and propose suitable countermeasures.
• Detect, assess, and report on system vulnerabilities, threats, and security deficiencies.
• Review and provide insights on program-level documentation, including requirements specifications, system architecture and design documents, and test plans and security strategies.
• Formulate and document security evaluation test plans and procedures.
• Assist in the development and execution of information security policies, standards, and guidance.
• Ensure adherence to relevant frameworks and regulations (e.g., FISMA, NIST, OMB).
• Conduct risk assessments, including the analysis of threats, vulnerabilities, and potential consequences.
• Collaborate with cross-functional teams and stakeholders to support security testing and program aims.
• Lead or engage in technical exchange meetings, documenting outcomes and action items.
• Prepare and present briefings to leadership regarding project status, risks, and key insights.
• Analyze and synthesize data from various sources to generate clear, actionable insights for both technical and non-technical audiences.
• Oversee the design, development, and implementation of security support systems.
• Work with stakeholders to align system functionality with security controls and compliance requirements.
• Master’s degree (MS/MA) in Cybersecurity, Information Technology, Computer Science, or a related discipline.
• At least 8 years of pertinent experience in cybersecurity, risk management, or assessment operations.
• Experience in supporting federal or highly regulated environments is preferred.
• Profound knowledge of cybersecurity frameworks and standards (FISMA, NIST, OMB, etc.).
• Experience with risk assessments, vulnerability analysis, and security testing methodologies.
• Ability to convey complex technical concepts in clear documentation and presentations.
• Familiarity with the development of security documentation, including risk assessments, contingency plans, and test reports.
• Strong analytical, problem-solving, and communication abilities.
• Capability to work both independently and collaboratively in a dynamic environment.