
Senior Cyber Risk Management Engineer

2024-146839
Cyber Security
No Clearance

Telecommute Options:

Remote work allowed 100%
About Peraton

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.

Responsibilities

The Peraton CISO office is looking to hire a Senior Cyber Risk Management Engineer to assist the team in coordinating the cyber risk management lifecycle from identification to tracking and closure. He/she will also have a deep cyber and network security background in order to coordinate the risk management process while working across other teams to coordinate and track solutions. The ideal candidate will have a strong background and experience working in the federal sector assessing security controls and understanding implementation language in order to meet those interpreted controls. The candidate will need strong communication skills and the ability to run risk meetings in order to brief senior leaders and explain the risk impact of found vulnerabilities. The candidate will also possess strong writing and PowerPoint development skills to create status and monthly meeting metrics.

 

Responsibilities:

  • (Primary role) Maintain Cybersecurity & IT risk identification, mitigation, and acceptance processes in coordination with security and IT operations. Works with business and functional areas to perform risk assessments and make appropriate risk treatment decisions.
  • (Primary Role) Lead risk management meetings with stakeholders to identify, perform risk assessment intake and track enterprise risk through its complete life cycle.
  • Provide audit support for DFARS 800-171, ISO 27001 and other audits as needed.
  • Plans and coordinates the operational activities to guarantee compliance with governmental regulations and ordinances. The role will also develop risk management strategies to avoid non-compliance findings.
  • Duties include but are not limited to ensuring that all policies and procedures are implemented and well documented, performing internal reviews, and identifying compliance problems that call for formal attention.
  • Assist in designing, deploying, and maintaining the IT general control framework that is consistent with NIST 800-171.
  • Maintenance and reporting of key information security metrics and reports for both operational management and corporate executives.
  • Monitors regulatory environment for impact on security and IT risk programs and initiatives.
  • Regularly review policies, standards and procedures to confirm they are current with the existing threat landscape.
  • Responsible for performing information security risk assessments according to defined scope.
  • Responsible for compliance with DFARS/NIST 800-171, ISO 27001, ISO 31000, NIST Cybersecurity Framework, ITAR, and other Federal regulations, including any new regulatory initiatives applicable to the business (e.g. GDPR).
Qualifications

Required Qualifications:

  • Bachelor’s degree in any of the sciences, information systems or business with 8 years of experience or master’s degree and 6 years of experience or PhD and 3 years of experience. Equivalent experience may be considered in lieu of degree.
  • Proven experience working and assessing security controls within DoD and Federal enterprise environments.
  • Experience in FISMA, NIST, ISO or other Federal Assessment and Authorization (A&A) process, tools, and documentation (SSP, POA&M, CP, CM Plan, and others).
  • Strong understanding of information security and the relationship between threat, vulnerability, and information value in the context of risk management.
  • Ability to work with and guide the company’s operational units in managing overall risk, complying with Federal mandates, and meeting client security requirements.
  • Strong understanding of risk-based decision-making (i.e. risk analysis, mitigation, resolution, acceptance, etc.)
  • US Citizenship

Desired Qualifications:

  • CISSP, CISA, CRISC or information security professional certification applicable to risk management.
  • Experience in NIST 800-53, NIST 800-160
  • Experience with GRC automation software such as ServiceNow Information and Risk Management (IRM), eMASS, Archer, CSAM, Xacta or other compliance and workflow tools.
  • Possess a good understanding of appropriate leading-edge governance-enabling technologies.
  • Ability to analyze complex problems, identify root cause and recommend/negotiate reasonable solutions.

Target Salary Range

$112,000 - $179,000. This represents the typical salary range for this position based on experience and other factors.

EEO

An Equal Opportunity Employer including Disability/Veteran.

Benefits

At Peraton, our benefits are designed to help keep you at your best beyond the work you do with us daily. We’re fully committed to the growth of our employees. From fully comprehensive medical plans to tuition reimbursement, tuition assistance, and fertility treatment, we are there to support you all the way.

  • Paid Time-Off and Holidays
  • Retirement
  • Life & Disability Insurance
  • Career Development
  • Tuition Assistance and Student Loan Financing
  • Paid Parental Leave
  • Additional Benefits
  • Medical, Dental, & Vision Care