Senior Cybersecurity Assessor
Rosslyn, VA

Job Description

Job Description

ActioNet is seeking a qualified Senior Cybersecurity Assessor in support of State Department Bureau of Diplomatic Security, Security and Technology Branch. The SME is responsible for working on a team that is focused on Steps 1 - 3 of the Risk Management Framework. The Senior Cybersecurity Assessor will need to work closely with product owners, technical staff and associates in the IT security area, to guide the process. The candidate will be responsible for a combination of solution development and technical writing.

To achieve this, the candidate must demonstrate relevant knowledge of NIST Risk Management Framework and large scale enterprise applications. The candidate will be able to successfully translate best practices into guidance for team members, System Security Plans, POAMs, review board submissions, and other ATO related documents and efforts.

Duties and Responsibilities:

* Develop IT Security approach for product/application development teams
* Provide strategic guidance and counsel to senior management
* Lead or facilitate major portions of large or medium projects / tasks, or provide sole support for small projects / tasks
* Provide IT security guidance in the areas of system development; risk management; system authorization, critical infrastructure continuity and contingency planning; security awareness and training.
* Familiar with NIST and FedRAMP guidance with respect to establishing and maintaining a Cybersecurity program.
* Ability to take large volumes of complex information and present it in a clear and concise manner to senior management

Qualifications:

* Excellent verbal and written communication skills, attention to detail, and resourceful
* At least 8 years of directly related experience is required
* Professional cyber security certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), SANS Global Information Assurance Certification (GIAC) or equivalent a plus

Desired Skills:

* Awareness and experience with Executive Orders, National Institute of Science and Technology (NIST), and CNSS requirements, reporting, standards, guidelines, processes and toolsets
* NIST Cybersecurity Framework
* Ability to work within NIST Risk Management Framework
* Federal Information System, security lifecycle approach including assessment, authorization, and monitoring programs
* Prior knowledge of State Department Authorization to Operate process
* Understanding of FedRAMP approach to security assessment, authorization, and continuous monitoring for cloud products and services