GovernmentCIO

  • Cybersecurity Risk Management Analyst

    Job Locations: US-DC-Washington
    Posted Date: 1 week ago (7/12/2018 4:17 PM)
    Job ID: 2018-1369
    # of Openings: 1
    Category: Information Technology
  • Overview

    GovernmentCIO is looking to bring on a Cybersecurity Risk Management Analyst to help support our team.

    Responsibilities

     

    The Cybersecurity Risk Management Analyst is responsible for effectively managing information security risk organization-wide, which requires the following key elements:

    • Assignment of risk management responsibilities to senior leaders/executives;
    • Ongoing recognition and understanding by senior leaders/executives of the information security risks to organizational operations and assets, individuals, other organizations, and the Nation arising from the operation and use of information systems;
    • Establishing the organizational tolerance for risk and communicating the risk tolerance throughout the organization including guidance on how risk tolerance impacts ongoing decision-making activities; and
    • Accountability by senior leaders/executives for their risk management decisions and for the implementation of effective, organization-wide risk management programs.

    GCIO seeks a Cybersecurity Risk Management Analyst with the following:

    • Knowledge of strategic planning for cybersecurity risk management
    • Knowledge of cybersecurity risk management implementation (strategy and plan to execute)
    • Knowledge of NIST 800-39, Managing Information Security Risk (Organization, Mission, and Information System view). This is a different focus than 800-37, Guide for Applying the Risk Management Framework
    • Knowledge of NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover), the new framework that D/A are applying to their cybersecurity program; it is how they are reporting FISMA metrics to DHS
    • Knowledge of GRC (governance, risk management, compliance)
    • Knowledge of FISMA
    • Knowledge of 800-53 controls
    • Senior level communications
    • Strategic planning
    • Excellent analysis and writing skills

    The Cybersecurity Risk Management Analyst will:

    • Ensure that senior leaders/executives recognize the importance of managing information security risk and establish appropriate governance structures for managing such risk;
    • Ensure that the organization’s risk management process is being effectively conducted across the three tiers of organization, mission/business processes, and information systems;
    • Foster an organizational climate where information security risk is considered within the context of the design of mission/business processes, the definition of an overarching enterprise architecture, and system development life cycle processes; and
    • Help individuals with responsibilities for information system implementation or operation better understand how information security risk associated with their systems translates into organization-wide risk that may ultimately affect the mission/business success.

    Qualifications

     

    Certification Requirements:

    CRISC preferred, but not required

    Skills Requirements:

    Enterprise Risk Management, Cybersecurity Risk Management, Governance Risk and Compliance (GRC), Cybersecurity Framework (CSF), FISMA, NIST 800-39

    Tools & Software Experience:

    n/a

    Education Requirements:

    BS/BA

    Years of Experience Required:

    5 to 7 years' experience (they have a lead SME and a junior onboard; they need a mid-experience risk management FTE, maybe even more senior level at 10 years)

    Anticipated Disqualifications:

    Minimum SECRET Clearance
