Senior Cyber Risk Assessor (CRA) Risk Assessments / Strategist

Company Summary

Arlo Solutions (Arlo) is an information technology consulting services company that specializes in delivering technology solutions. Our reputation reflects the high quality of the talented Arlo Solutions team and the consultants working in partnership with our customers. Our mission is to understand and meet the needs of both our customers and consultants by delivering quality, value-added solutions. Our solutions are designed and managed to not only reduce costs, but to improve business processes, accelerate response time, improve services to end-users, and give our customers a competitive edge, now and into the future. 

Position Overview 

Arlo is in search of Cyber Risk Strategist Specialist to support the Department of Air Force. In this role, the employee will be responsible for developing strategies and briefing materials regarding identifying, evaluating, and mitigating potential risks that may impact the organization's operations, assets, or reputation utilizing Systems Security Engineering principles. The ideal candidate will possess strong analytical skills, a deep understanding of risk management principles, and the ability to communicate effectively both writen and verbal with various stakeholders.

The candidate should have a background System Security Engineering and experience with DoD Cloud environment specifically with the Air Force . The candidate must also possess a background related RMF Subject Matter Expertise to support our Air Force clients and Arlo HQ activities.  10 years of experience minimum. This resource will support a mission critical DoD project with all facets of the RMF and across multiple programs.  This is a 80% remote position with possible CONUS travel quarterly.  Arlo Solutions focuses on implementing the RMF process with a focus on risk vs compliance.   Candidates must possess an active Top Secret clearance and a DoD 8570 IAM III Certification to be considered for this position.  

Work Location 

Full-time remote with travel requirements 

Job Responsibilities and/or Success Factors  

• Provides cloud security architecture and DoD compliance advisory support
• Using excerpt knowledge and past experience provide Risk Management strategies to major Air Force programs transitioning to the cloud
• Provide advisory support to Air Force Senior Executive Authorization Officials (AO)s related to the authorization of IaaS, PaaS, and SaaS in respective boundaries.
• Support the Security Assessment and Authorization (SA&A) process by acting as Cloud/SAAS SME and or Security Control Assessor to support validation
• Evaluate IT threats and vulnerabilities to determine whether additional safeguards are needed
• Authoring authorization determination letters on behalf of the AO
• Author AO guide to determination-- a guide that the Authorizing Official will provide to program that provides a guide to authorization
• Author a guide to provide to security control assessors
• Collaborate between the AO and the program as well as AF senior leadership (focusing on creating metrics, tracking authorizations, etc)
• Providing support regarding the AF’s continuous ATO and Fast Track processes
• Provide independent risk analysis and recommendation on the risk as well as the authorization

Risk Identification and Evaluation

• Conduct thorough assessments to identify potential risks related to business processes, projects, and external factors
• Collaborate with cross-functional teams to gather information on existing and emerging risks
• Analyze and assess the impact and likelihood of identified risks
• Develop risk assessment models and methodologies to quantify and prioritize risks

Mitigation Strategies and Reporting

• Work closely with department heads to develop and implement effective risk mitigation strategies
• Provide recommendations for process improvements to minimize or eliminate identified risks
• Prepare comprehensive reports detailing the results of risk assessments, including key findings and recommended actions
• Communicate risk information to leadership and other stakeholders in a clear and concise manner

Compliance Monitoring

• Stay informed about industry regulations and standards to ensure the organization remains in compliance
• Conduct periodic reviews to assess the effectiveness of existing risk management controls

Training and Awareness

• Develop and deliver training programs to enhance risk awareness and understanding among employees
• Collaborate with teams to embed a risk-aware culture within the organization

Education and Minimum Qualifications 

• Bachelor’s Degree in Business, Information Technology, or other related degree fields (Master’s Degree is preferred or 10 years of experience)
• At least 10 (15 preferred) years of Cybersecurity experience in a senior technical or management role, Project Management experience a plus
• At least one of the following computer security certifications: CISSP, CCSP, CISM, CISA, or CASP
• Minimum of a Top Secret clearance (must be SCI eligible)
• Experience working at DoD HQ level environment, AF (Pentagon) experience preferred
• Expert understanding of NIST 800 series standards and guidelines, related Federal guidance, DoD RMF, and current cybersecurity best practices
• Excellent communication/presentation skills briefing senior military and government civilian leadership
• At least 3 years proven experience in conducting risk assessments and implementing risk management processes
• Strong analytical and problem-solving skills, with the ability to think critically and strategically
• Excellent communication skills, both written and verbal, with the ability to convey complex risk information to diverse audiences
• Ability to work collaboratively in a team environment and build positive relationships with stakeholders
• Knowledge of relevant laws, regulations, and industry standard

Preferred Qualifications: 

• Project Management Professional (PMP) certification
• Strong use of Microsoft Power Point and Excel
• Ability to articulate strategic ideas
• Experience presenting to C-suite executive leadership
• Strategy and planning expertise

AAP Statement

We are proud to be an Affirmative Action and Equal Opportunity Employer and as such, we evaluate qualified candidates in full consideration without regard to race, color, religion, sex, sexual orientation, gender identity, marital status, national origin, age, disability status, protected veteran status, and any other protected status.