Sr. Cyber Security Risk Expert (Hybrid)
A.C. Coy
Overview
- Tier One Technologies is looking for a Sr. Cyber Security Risk Expert for our direct US Government client.
- This contract-to-hire position can be located in Falls Church, VA or in Morrisville, NC.
- SELECTED CANDIDATES WITHOUT REQUIRED CLEARANCE WILL BE SUBJECT TO A FEDERAL GOVERNMENT BACKGROUND INVESTIGATION TO RECEIVE IT.
Responsibilities
- Design and administer procedures in the organization that sustain the security of the organization's data and access to its technology and communications systems.
- Assess the risk of exposure of proprietary data through weaknesses in platforms, access procedures, and forms of access to the organization's systems and the data contained in them.
- Manage Engineering activities, deliverables, presentations, and briefings.
- Plan, develop, implement, execute, and improve third-party cyber risk management strategy and practices (public and/or private sector).
- Adapt and implement industry cybersecurity frameworks and standards (e.g., ISO 27001, NIST CSF, NIST 800-53, NIST 800-171, CIS 18, Zero Trust Principles, FedRAMP).
- Assess supply chain risk based on recognized audit reports (e.g., SOC 2 Type II) and/or questionnaire responses.
- Manage and instruct diverse teams with varying levels of subject matter expertise.
- Actively lead and manage project update briefings, working sessions and stakeholder meetings.
- Manage competing priorities to ensure timely completion of work.
- Communicate with cross-functional leadership and other stakeholders (especially supply chain management) on third-party risk management strategy, risk management activities, and risks.
- Work with the third-party risk assessment platforms (e.g., Process Unity GRX).
Qualifications
- Must possess a Bachelor's Degree or Master's Degree in Computer Science, Information Technology or Information Security (Master's Degree preferred).
- 10+ years of experience in the security aspects of multiple platforms, operating systems, software, communications, and network protocols.
CERTIFICATIONS (one or more required):
- CISSP, CCSK/CCSP, PMP and/or CISA certifications
- CRISC - Certified in Risk and Information Systems Control
- CISM - Certified Information Security Manager
- Prior experience working with Risk Management platforms like RSAM (Real-time Seismic Amplitude Measurement) by Diligent.
- Familiarity with CyberGRX (now Process Unity GRX).
- Strong Technical Writing experience.
- Strong contract review and negotiations abilities.
- Experience with systems engineering discipline.
- Excellent communication skills.
- Must be able to obtain a Position of Public Trust Clearance.
- Be able to pass a drug screening, criminal history, and credit checks.
- Must be a US Citizen or Green Card holder.
- Must have lived in the United States for the past 5 years.
- Cannot have more than 6 months travel outside the United States within the last five years. Military Service excluded. (Exception does not include military family members.)