Senior Cybersecurity Subject Matter Expert
- Full-Time
- Washington, DC
- Guidehouse
- Posted 2 years ago – Accepting applications
The individual will oversee the Cybersecurity subject matter expert (SME) in documenting the design of information security controls and developing plans of action and milestones (POA&M) for any controls deemed not designed or operating effectively, responding to the client's A&A assessors in connection with the new ICAM solution authority to operate (ATO) process, and responding to information requests related to Office of the Inspector General (OIG) and Government Accountability Office (GAO) audits and the Office of Management and Budget (OMB) Circular A-123, Appendix A assessment.
The individual will contribute to the development and maintenance of an integrated master schedule (IMS) in Microsoft Project for the information security workstream of the enterprise information technology implementation project. The individual will contribute to the project risks/issues log as needed. The individual will coordinate with the Cybersecurity SME and the A&A specialist on the team, the team leads, project management, and client stakeholders to validate ATO and audit readiness of the project and of the enterprise technology solutions to be deployed. They will oversee the Cybersecurity SME in preparing plans of action and milestones (POA&M) and remediating control weaknesses. The individual will also participate in project management reviews (PMR) with project management and the client, and in other project management and integrated project team meetings.
Qualifications: The following qualifications are REQUIRED to be considered for this role:
- Minimum of 5 years of experience consulting to the US Federal government, evaluating the security posture of information systems in accordance with federal information security requirements and industry leading guidance and providing risk-based observations and recommendations for improving information systems security, controls, and operation
- Bachelor's degree in Computer Science, Information Systems, Engineering, Business, or other related scientific/technical discipline is contractually required
- Certified Information Systems Security Professional (CISSP) certification
- US Citizenship and the ability to obtain a DHS Public Trust clearance is contractually required
- Demonstrated comprehension and application of standards and guidance from the National Institute of Standards and Technology (NIST), the Committee on National Security Systems (CNSS), and the Federal Information Security Modernization Act (FISMA), following the Federal Information System Controls Audit Manual (FISCAM), the Government Accountability Office (GAO) Standards for Internal Control in the Federal Government ("Green Book"), NIST Special Publications (SP) 800-37 and 800-53, Federal Information Processing Standards (FIPS) 199 and 200, and the Department of Homeland Security (DHS) 4300A Sensitive Systems Handbook
- Demonstrated experience working with information system stakeholders to help them understand information security requirements derived from federal and industry standards (e.g., NIST, DHS 4300A, CNSS) and to design and operate information security controls for enterprise technology solutions, including ICAM
- Demonstrated experience developing and maintaining information security processes and documents, e.g., policy, plans, and standard operating procedures (SOP)
- Demonstrated experience preparing detailed remediation activities in plans of action and milestones (POA&M) and coaching information system stakeholders through the remediation process to ensure effective design and sustained operation of information security controls
- Excellent written and oral communication skills
- Attentiveness to detail with excellent organizational and time management skills
- Advanced familiarity with Microsoft Office, e.g., Word, PowerPoint, and Excel
- Certified Information Systems Auditor (CISA)
- Experience using governance, risk, and compliance (GRC) solutions, e.g., Xacta or C-SAM, to document control assessment results and POA&Ms
- Experience assessing ICAM solutions for compliance with information security guidelines and compliance requirements
- Experience conducting verification and validation (V&V) of information security control remediation activities to determine the extent to which those efforts resolve control weaknesses and audit findings
- Passion for continuous learning
- Ability to handle multiple tasks simultaneously and switch between tasks quickly
- Experience working in a DHS, Department of State, and/or Department of Defense information technology environment is a plus
About Guidehouse
Guidehouse is an Equal Employment Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, national origin, ancestry, citizenship status, military status, protected veteran status, religion, creed, physical or mental disability, medical condition, marital status, sex, sexual orientation, gender, gender identity or expression, age, genetic information, or any other basis protected by law, ordinance, or regulation.
Guidehouse will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of applicable law or ordinance including the Fair Chance Ordinance of Los Angeles and San Francisco.
If you have visited our website for information about employment opportunities, or to apply for a position, and you require an accommodation, please contact Guidehouse Recruiting at 1-571-633-1711 or via email at RecruitingAccommodation@guidehouse.com. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodation.
Guidehouse does not accept unsolicited resumes through or from search firms or staffing agencies. All unsolicited resumes will be considered the property of Guidehouse and Guidehouse will not be obligated to pay a placement fee.
Rewards and Benefits
Guidehouse offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflects our commitment to creating a diverse and supportive workplace.
Benefits include:
- Medical, Rx, Dental & Vision Insurance
- Personal and Family Sick Time & Company Paid Holidays
- Position may be eligible for a discretionary variable incentive bonus
- Parental Leave and Adoption Assistance
- 401(k) Retirement Plan
- Basic Life & Supplemental Life
- Health Savings Account, Dental/Vision & Dependent Care Flexible Spending Accounts
- Short-Term & Long-Term Disability
- Tuition Reimbursement, Personal Development & Learning Opportunities
- Skills Development & Certifications
- Employee Referral Program
- Corporate Sponsored Events & Community Outreach
- Emergency Back-Up Childcare Program