Risk Management Lead
Phase One Consulting Group is seeking a Risk Management Lead with previous experience supporting enterprise security services for a Federal government agency. This role is responsible for identifying and assessing information technology and information security risks within a broader enterprise risk management program. Leveraging engineering, operational, and analyst team input, the Risk Management Lead develops and executes strategies to address overall risk to systems and information introduced through recommendations to IT systems owners and senior management. This position requires significant hands-on experience assessing FISMA compliance and the ability to apply the NIST Risk Management Framework. Additionally, this role understands how to utilize NIST documentation, including SP 800-30, SP 800-37, SP 800-53 revision 4, SP 800-128, SP 800-39 and SP 800-137. The Risk Management Lead is able to develop alternative options in maintaining compliance. The individual should have strong communication skills and be willing to take initiative in a dynamic, client-facing environment.

Position Responsibilities
- Lead and manage the Security Impact Analysis (SIA) process
- Influence draft cybersecurity policies and standards, and guide customers towards compliance to enforce cybersecurity standards and policies, evaluate, monitor and report on risk acceptance
- Contribute to the rollout and optimization of an Information Security Risk Management program to remain effective and relevant through identification, implementation and refinement of critical processes, solutions, policies, procedures, KPIs/KRIs/metrics and other techniques
- Identify opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk
- Provide appropriate FIPS 199 impact level designations
- Assist in developing a common control catalog, and recommending compensating controls
- Develop, review and implement a risk register
- Analyze and recommend solutions for information security problems based on experience and security best practices for major information system products and services

Position Requirements
- Minimum 7 years of IT Security work
- Strong understanding of OMB and FISMA mandates surrounding Information Security
- Strong understanding of enterprise IT, including network, platform and application layer security implementations
- Understanding of engineering implementations and enterprise information system flows
- Understanding of the impact of cybersecurity enforcement guidelines
- Sound understanding of all FIPS and NIST Special Publications, including FIPS 199, 800-18, 800-30, 800-37, 800-128, 800-39, 800-53, 800-60, 800-100, 800-115 and 800-137
- Excellent oral and written communication skills
- Candidates must be able to work on-site at Federal Agency located in Washington, DC and must be able to pass a US Federal government background investigation and obtain a client badge
- Bachelor's degree in Information Systems, related discipline or equivalent experience
- CISSP, CISM, CAP or similar industry certification preferred.

Company Profile
Since 1997, Phase One has supported leading private and public sector clients with their technical solution planning and implementation needs. As specialists in the use of technology to enable missions and businesses, Phase One has world-class capabilities in Agile Development, Infrastructure as a Service, and the use of modern Platform as a Service technologies to build solutions with mind-blowing speed and precision. Phase One also has a full lifecycle CyberSecurity offering, giving clients the strategy, implementation, and operations support to meet their critical security needs.

We hire people with talent from a spectrum of backgrounds. This spectrum of talents allows our teams to provide clients with unique and innovative solutions to meet the most complex challenges, whether they are related to people, processes, or technology.

Phase One Consulting Group is an equal opportunity and affirmative action employer regardless of a person's race, color, religion, national origin, age, disability, military status, sex, gender expression or identity, or sexual orientation.