- Cyber Defense
XOR Security is currently seeking a Governance, Risk and Compliance Lead. The ideal candidate will lead the team in the performance of Information Assurance (IA), Information Security Continuous Monitoring (ISCM), and Ongoing Authorization (OA) activities for the Agency. Emphasis will be placed in ensuring that the Policy & Planning Branch has a positive and productive working relationship with the internal divisions and external federal partner agencies. The Candidate must have SME knowledge of all applicable Federal cybersecurity mandates, how and where these mandates tie into Agency orders, policies, instructions, standards, handbooks and guides, and the impact of the security requirements on Agency specific systems and mission.
- 7+ years of experience in cyber security, of those, at least 3+ years in security, preferably in GRC role or similar (Technology/IT Audit, Internal Audit, IT Consulting, etc).
- Bachelor’s Degree required (Information Technology, Cyber Security, Computer Science, Computer Engineering, or Electrical Engineering).
- CISSP, CISA, CRISC, CISM or other industry-level cyber certification require
- Demonstrate experience with development and update of policies to align with OMB, DHS, NIST, CNSS, ICD, Congressional and other cybersecurity mandates, and directives.
- Experience with Application Security Audits and Risk Scoring.
- Experience ensuring controls meet legal, regulatory, privacy, policy, standards and security requirements.
- Maintain updated knowledge in the field of risk management and compliance to efficiently work on frameworks including NIST CSF, ISO, NIST 800-53, NIST 800-34 etc.
- Identify and report enterprise security posture and system vulnerabilities using risk analytics, metrics generation, and other techniques as needed.
- Support risk management by maintaining visibility and comprehensive situational awareness of the cyber threat landscape impacting the Agency.
- Reduce cost and optimize agency cybersecurity posture through complexity reduction, reciprocity, and increased automation.
- Deliver measurable cybersecurity outcomes.
- Continuous improvement with regulatory and policy alignment with Federal mandates.
- Enhance cybersecurity Risk Management Framework (RMF) implementation.
- Lead and coordinate High Value Asset (HVA) program activities.
- Ensure Plans of Action and Milestones (POA&M) coordination and reporting activities are briefed to CFTC leadership as required by Binding Operational Directives.
- Prepare responses to official requests for information from OMB, DHS, or any other agency in regard to Information Security related statistics or data.
- Provide architecture and technical guidance on enterprise-wide cybersecurity programs.
Job Duties Include:
- Support the development and enhancement of security dashboards using a governance, risk management and compliance (GRC) application such as Department of Justice’s Cyber Security Assessment and Management (CSAM) tool) to provide role-based views to agency executives, managers, system security officers, and key stakeholders
- Produce IT Security Assessment & Authorization (SA&A) packages, in a format agreed upon during Assessment & Authorization (A&A) project commencement, using automated and manual inputs
- Provide technical guidance and best practices to ensure that the agency achieves maximum value from its IT investments
- Create documentation that outlines how the various dashboards fit together, the analysis that should be performed on each, and what deliverables would allow for appropriate management information and higher-level dashboard creation
XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.
XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.
Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements - US CITIZENSHIP REQUIRED