Cyber Risk Management Lead

Lakewood, CO

phia, LLC


At phia we hire talented and passionate people who are focused on collaborative, meaningful work, providing technical and operational subject matter expertise and support services to our partners and clients.
phia is seeking a Cyber Risk Management Lead to provide IT/cybersecurity risk management and project management expertise for a Federal program. This security program provides cyber risk management, information system security continuous monitoring, Information System Security Officer (ISSO), and IT/cyber privacy support that balances business needs with security risks while ensuring compliance with Federal regulations. This is a hybrid role, reporting on-site with some capability to telework. The qualified individual will ideally be located in Lakewood, CO (Denver metro area), Washington, DC, or the Reston, VA area (DC/MD/VA metro area); applicants outside these areas may also be considered. While this opportunity is contingent upon contract award, that doesn’t mean we can’t start a conversation now!

What You'll Do

  • Serve as the central point of contact to the customer and coordinate between personnel in all task areas within the program (i.e. Risk Management and Information Security Continuous Monitoring (ISCM), Information System Security Officers and System Security, and the Privacy Office).
  • Provide technical and operational subject matter expertise in cyber risk management, the Risk Management Framework (RMF), OMB and FISMA guidance and mandates, NIST Special Publications, the Federal Risk and Authorization Management Program (FedRAMP), and program and project management involving Federal and Commercial shared services.
  • Perform project management activities, including creating and updating project plans and actions, coordinating and tracking activities, and providing status reports.
  • Submit all reports and deliverables.
  • Respond to all Government inquiries within the timeframes set by the criticality label assigned to each inquiry.
  • Develop and conduct Risk Management Framework (RMF) briefings for existing information systems requiring Authorization to Operate (ATO) renewals.
  • Prepare Security Impact Analyses (SIAs) to determine whether proposed changes to information systems warrant new Assessment & Authorization (A&A) packages.
  • Build analytics and dashboards for monitoring and governance of the supported systems.
  • Provide Continuous Monitoring reporting based on the organization’s Continuous Diagnostics and Mitigation (CDM) program.
  • Perform control assessments and documentation updates for the supported systems.
  • Maintain Interconnection Security Agreements (ISA) for information systems connecting to external entities.
  • Maintain Plans of Action and Milestones (POA&Ms) in GRC tools and systems of record (e.g. Xacta), including creating, monitoring, closing, and reporting. 
  • Coordinate Incident Response with Information Systems Security Managers (ISSMs) and System Owners (SO) to include all associated actions necessary to mitigate the risk to unit systems.
  • Support the risk analysis and approval process for deviation/exemption requests against organization-wide Web Filtering, SSL Inspection, Data Loss Prevention (DLP), and IT Configuration Management policies for perimeter network devices and defensive capabilities.
  • Recommend updates to, and support the review and approval process for, the organization’s Security Technical Implementation Guides (STIGs) for commonly used software across the agency (e.g., Windows Desktop/Server, web browsers, databases).
  • Provide technical writing support for formal documentation reports, training materials, slide decks, and architecture diagrams.

Education + Requirements

  • 19 years of relevant experience, or
  • AA/AS + 17 years of relevant experience, or
  • BA/BS + 15 years of relevant experience, or
  • MA/MS + 13 years of relevant experience

Significant expertise, deep knowledge, and practical experience with:

  • Risk Management Framework (RMF) 
  • NIST Special Publications (800 series)
  • FedRAMP / Cloud Service Providers (CSPs): auditing, compliance, risk, assessment, etc.
  • Federal Continuous Diagnostics and Mitigation (CDM) program structure, component tools/capabilities, and requirements
  • Xacta Risk Management Platform (Xacta 360 / Xacta.io)
  • Vulnerability scanning/assessment tool data and outputs (e.g. Tenable/Nessus)
  • Web application scanning/assessment tool data and outputs (e.g. Acunetix)
  • Cloud services/platform compliance and assessment tools (e.g. Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP))
  • Splunk and/or Elastic for reviewing federal Continuous Diagnostics and Mitigation (CDM) program datasets (e.g. BigFix/HCL, Microsoft Defender for Endpoint)

Preferred Certifications

  • PMP
  • CISSP
  • CCSP, CIPP, CAP, CASP+, GSLC, CISM, CSM, or other industry-standard security certifications

Security Clearance

  • U.S. citizenship
  • Ability to achieve Public Trust or higher government clearance.
Who You Are

  • A proactive problem solver who appreciates the challenges of working in a fast-paced, dynamic environment.
  • Intellectually curious, with a genuine desire to learn and advance your career.
  • An effective communicator, both verbally and in writing.
  • Customer service-oriented and mission-focused.
  • A critical thinker with excellent problem-solving skills.

If your experience and qualifications aren’t a match for this position, you will remain in our database for consideration for future opportunities that may be a better fit.

Who We Are

phia, LLC is a Northern Virginia-based small business established in 2011 with a focus on Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, and Information Assurance/Security. We proudly support various agencies and offices within the Department of Defense (DoD), the Federal government, and private/commercial entities.

phia values work-life balance and offers the following benefits to full-time employees:

  • Comprehensive medical insurance, including dental and vision
  • Short-Term & Long-Term Disability
  • 401k Retirement Savings Plan with Company Match
  • Tuition and Professional Development Assistance
  • Flex Spending Accounts (FSA)
phia does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity, or any other reason prohibited by law in the provision of employment opportunities and benefits.


Tags: Analytics Audits AWS Azure CASP+ CCSP CIPP CISM CISSP Clearance Cloud Compliance DoD FedRAMP FISMA GCP Governance GSLC Incident response Monitoring Nessus NIST Privacy Risk analysis Risk management RMF Security Clearance Security Impact Analysis Splunk Strategy Windows

Perks/benefits: 401(k) matching Career development Health care Insurance Startup environment

Region: North America
Country: United States