Cybersecurity Risk Expert (ISSO)

At phia, we hire talented and passionate people who are focused on collaborative, meaningful work, providing technical and operational subject matter expertise and support services to our partners and clients.

We are looking for a Cybersecurity Risk Expert (ISSO) to support a large enterprise Cyber Risk Management team to design and administer procedures in the organization that sustains the security of the organization’s data and access to its technology and communications systems.

This job is located in Merrifield, VA, with some remote capability during the pandemic at the discretion of the customer. Preferred candidates will live within a commutable distance to Fall Church, Virginia

What You'll Do

• Support the execution of product cybersecurity elements across global programs and services.
• Will work with multiple security, IT and engineering leadership/stakeholders and a variety of security, IT and engineering technical resources to identify and plan physical and cybersecurity work to meet/exceed corporate initiatives.
• Follow and develop procedures to assist in the vulnerability scans and/or implementation of security measures and controls
• Perform risk assessments for identified issues and assisting with research and identification of risk in the environment
• Conduct qualitative and quantitative risk and/or cyber risk assessments
• Provide security analysis process by applying security principles, methods (e.g., risk assessment, systems security planning, disaster recovery planning) and tools
• Review systems to identify potential security weaknesses, recommend improvements to amend vulnerabilities, implement changes, and document upgrades.
• Identify organization risks, prioritize those risks, and maintain a risk registry for escalating.
• Execute business impact assessments and system security reviews using a formal C&A structure.
• Assess external cybersecurity risks to an organization either through customer or supplier interaction
• Follow and determine audit policy and reporting mechanisms for ensuring compliance with IA/IS standards by keeping current with IA/IS requirements.
• Develop risk management by creating plans, procedures, protocols, and evaluation measures and ensuring there are desired levels of enterprise-wide IA/IS.
• Serve as the Cyber Risk Management representative and/or advisor on various review and change control boards

Requirements

Education + Experience

• A Bachelor's Degree in Computer Science, Engineering, similar technical discipline or equivalent experience
• 7 years of relevant experience
• Experience providing technical expertise across a range of security technology, techniques, and practices
• Ability to provide recommendations and explain approaches concerning risk mitigation to wide audiences
• Ability to map risk assessments to existing industry standards (e.g., ISO 27000 series, NIST publications, CIS Controls
• Proven history or working independently without supervision.

Certifications

• Possesses a current active industry standard certificate in the information security/assurance field: e.g. Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC), Certified Authorization Professional (CAP)

Security Clearance Requirements

• U.S. Citizenship required
• Ability to obtain Public Trust (or higher) government clearance

Who You Are

• A proactive problem solver that appreciates the challenges of working in a fast-paced, dynamic environment.
• Intellectually curious with a genuine desire to learn and advance your career.
• An effective communicator, both verbally and in writing.
• Customer service-oriented and mission-focused.
• Critical thinker with excellent problem-solving skills.

If your experience and qualifications aren’t a match for this position, you will remain in our database for consideration for future opportunities that may be a better fit.

MPORTANT: This position may be subject to Executive Order 14042 and the Safer Federal Workforce Task Force Guidance requiring covered employees to be fully vaccinated against COVID-19, which the Federal Government is not enforcing at this time.

Benefits

Who We Are

phia LLC ("phia") is a Northern Virginia based, 8a certified small business established in 2011 with focus in Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, and Information Assurance/Security. we proudly support various agencies and offices within the Department of Defense (DoD), Federal government, and private/commercial entities.

phia values work-life balance and offers the following benefits to full-time employees:

• Comprehensive medical insurance to include dental and vision
• Short Term & Long-Term Disability
• 401k Retirement Savings Plan with Company Match
• Tuition and Professional Development Assistance
• Flex Spending Accounts (FSA)

phia does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity or any other reason prohibited by law in provision of employment opportunities and benefits.