- Cyber Defense
XOR Security is currently seeking a Governance, Risk and Compliance Lead. The ideal candidate will lead the team in the performance of Information Assurance (IA), Information Security Continuous Monitoring (ISCM), and Ongoing Authorization (OA) activities for the Agency. Emphasis will be placed in ensuring that the Policy & Planning Branch has a positive and productive working relationship with the internal divisions and external federal partner agencies. The Candidate must have SME knowledge of all applicable Federal cybersecurity mandates, how and where these mandates tie into Agency orders, policies, instructions, standards, handbooks and guides, and the impact of the security requirements on Agency specific systems and mission.
- 7+ years of experience
- Bachelor’s Degree required (Information Technology, Cyber Security, Computer Science, Computer Engineering, or Electrical Engineering).
- CISSP, CISA, CRISC, CISM preferred
- At least 5+ years in security, preferably in GRC role or similar (Technology/IT Audit, Internal Audit, IT Consulting, etc).
- Demonstrate experience with development and update of policies to align with OMB, DHS, NIST, CNSS, ICD, Congressional and other cybersecurity mandates, and directives.
- Experience with Application Security Audits and Risk Scoring.
- Experience ensuring controls meet legal, regulatory, privacy, policy, standards and security requirements.
- Maintain updated knowledge in the field of risk management and compliance to efficiently work on frameworks including NIST CSF, ISO, NIST 800-53, NIST 800-34 etc.
- Identify and report enterprise security posture and system vulnerabilities using risk analytics, metrics generation, and other techniques as needed.
- Support risk management by maintaining visibility and comprehensive situational awareness of the cyber threat landscape impacting the Agency.
- Reduce cost and optimize agency cybersecurity posture through complexity reduction, reciprocity, and increased automation.
- Deliver measurable cybersecurity outcomes.
- Continuous improvement with regulatory and policy alignment with Federal mandates.
- Enhance cybersecurity Risk Management Framework (RMF) implementation.
- Lead and coordinate High Value Asset (HVA) program activities.
- Ensure Plans of Action and Milestones (POA&M) coordination and reporting activities are briefed to CFTC leadership as required by Binding Operational Directives.
- Prepare responses to official requests for information from OMB, DHS, or any other agency in regard to Information Security related statistics or data.
- Provide architecture and technical guidance on enterprise-wide cybersecurity programs.
XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.
XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.
Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements - US CITIZENSHIP REQUIRED