Cybersecurity Policy and Compliance Specialist

McLean, Virginia, United States
Mar 15, 2019
Mar 20, 2019
IT, QA Engineer
Full Time
Job Number: R0047732

Cybersecurity Policy and Compliance Specialist

Key Role:

Support the firm's security assessment and compliance program by providing expertise in a variety of areas, including security risk assessment, security test and evaluation, development of secure systems and networks, system auditing, vulnerability management, assessment and authorization (A&A), system analysis, and system hardening. Assist system owners, system developers, and system project managers with comprehending their system's security requirements in accordance with applicable laws and regulations and choosing the most appropriate compensating security controls. Conduct security assessments and make accurate evaluations of the level of security required based on risk determinations. Create customized risk assessment packages. Coordinate with ISSOs and system owners to remediate findings resulting from both internal and external audits. Weigh business needs against security concerns and articulate issues to management.

Basic Qualifications:

- 5+ years of experience with varied information security fields, including risk management, certification and accreditation, identity and access management, and security testing

- 3+ years of experience with performing A&As for information systems and writing system security plans

- Experience with implementing ISO 27000 or NIST IT publications and guidelines, including the SP 800 series, FIPS 199, OMB regulations, and FISMA

- Experience with assessing against DFARS, NIST SP 800-171, and Sarbanes-Oxley (SOX) audit requirements and processes, and with determining system, network, or infrastructure security requirements and controls against various industry guidance and best practices

- Experience with security control implementation using tools for penetration testing and vulnerability assessment scans, and with federal security standards, including FISMA, NIST, DHS, and DIACAP assessment and implementation

- Knowledge of UNIX, Linux, and Microsoft Windows, domains and networking technologies, and associated security measures and policies

- Ability to apply expertise in English, conduct assessments, and articulate complex ideas and concepts over the telephone

- Ability to obtain a security clearance

- BA or BS degree

Additional Qualifications:

- GSEC, Security+, CISSP, CISA, CISM, or CAP certification

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.

We're an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.