Sr. Cyber Security Risk Expert (Hybrid)

A.C. Coy
Remote
United States

Overview

  • Tier One Technologies is looking for a Sr. Cyber Security Risk Expert for our direct US Government client.
  • This contract-to-hire position can be located in Falls Church, VA or in Morrisville, NC.
  • SELECTED CANDIDATES WITHOUT REQUIRED CLEARANCE WILL BE SUBJECT TO A FEDERAL GOVERNMENT BACKGROUND INVESTIGATION TO RECEIVE IT.

Responsibilities

  • Design and administer procedures in the organization that sustain the security of the organization’s data and access to its technology and communications systems.
  • Assess the risk of exposure of proprietary data through weaknesses in platforms, access procedures, and forms of access to the organization’s systems and the data contained in them.
  • Manage Engineering activities, deliverables, presentations, and briefings.
  • Plan, develop, implement, execute, and improve third-party cyber risk management strategy and practices (public and/or private sector).
  • Adapt and implement industry cybersecurity frameworks and standards (e.g., ISO 27001, NIST CSF, NIST 800-53, NIST 800-171, CIS 18, Zero Trust Principles, FedRAMP).
  • Assess supply chain risk based on recognized audit reports (e.g., SOC 2 Type II) and/or questionnaire responses.
  • Manage and instruct diverse teams with varying levels of subject matter expertise.
  • Actively lead and manage project update briefings, working sessions and stakeholder meetings.
  • Manage competing priorities to ensure timely completion of work.
  • Communicate with cross-functional leadership and other stakeholders (especially supply chain management) on third-party risk management strategy, risk management activities, and risks.
  • Work with the third-party risk assessment platforms (e.g., Process Unity GRX).

Qualifications

  • Must possess a Bachelor’s Degree or Master’s Degree in Computer Science, Information Technology or Information Security (Master’s Degree preferred).
  • 10+ years of experience in the security aspects of multiple platforms, operating systems, software, communications, and network protocols.
  • CERTIFICATIONS: (One or more required):
    • CISSP, CCSK/CCSP, PMP and/or CISA certifications
    • CRISC - Certified in Risk and Information Systems Control
    • CISM - Certified Information Security Manager
  • Prior experience working with Risk Management platforms like RSAM (Real-time Seismic Amplitude Measurement) by Diligent.
  • Familiarity with CyberGRX (now Process Unity GRX).
  • Strong Technical Writing experience.
  • Strong contract review and negotiations abilities.
  • Experience with systems engineering discipline.
  • Excellent communication skills.
  • Must be able to obtain a Position of Public Trust Clearance.
  • Must be able to pass drug screening, criminal history, and credit checks.
  • Must be a US Citizen or Green Card holder.
  • Must have lived in the United States for the past 5 years.
  • Cannot have more than 6 months travel outside the United States within the last five years. Military Service excluded. (Exception does not include military family members.)