Cybersecurity Risk Analyst
Find your job at www.LoveYourJob.com
Job Title: Cybersecurity Risk Analyst
Location: Lexington, MA
Duration: 36 Months and 40 hours per week
*Applicants must meet the eligibility requirements to obtain a Top Secret Security Clearance for access to classified information. An Active Secret Clearance without incident is desired.
POST-OFFER BACKGROUND CHECK IS REQUIRED. An essential function of this job is physical attendance. Digital Prospectors is an Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
The Laboratory is required by contract to implement provisions of the Defense Federal Acquisition Regulation Supplement, contract clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting. The Laboratory is also preparing to meet requirements for the Cyber Maturity Model Certification (CMMC).
DFARS provisions require that risk to information systems be periodically assessed. A similar requirement is specified in the Risk Management Framework (RMF) and Command Cyber Readiness Inspections (CCRI) that govern collateral information systems. This position directly supports Laboratory readiness for DFARS and CMMC compliance. The position assists in managing and maintaining the Laboratory’s Enterprise System Security Plan, Plans of Action and Milestones (POA&M), develops policies, plans and procedures, and performs assessment and auditing functions that satisfy these requirements.
Position Scope/Job Functions
The Cybersecurity Risk Analyst is responsible for maintaining the Laboratory’s Enterprise System Security Plan, Plans of Action and Milestones (POA&M), developing policies, plans and procedures and conducting security compliance audits, Data Security Plans (DSPs), cybersecurity risk analysis, information security risk assessments in accordance with cognizant DoD standards, as well as information security industry best practices. This position requires collaboration with other highly skilled members of the Information Security Group, Security Services Department (SSD), Information Services Department (ISD) and Technical Research Divisions. The position works with both research and operations staff to provide timely and quality guidance and oversight to ensure that regulatory and compliance risks are adequately identified, communicated, and tracked for remediation.
The Cybersecurity Risk Analyst uses his/her technical experience to quickly understand multiple networked computer environments and determine whether the appropriate level of security measures are in-effect based on applicable security best practices and/or governing policies and regulations.
The position performs audits of Information Systems (IS) to ensure that they are in compliance with applicable laws and government regulations, to include the National Industrial Security Program Operation Manual (NISPOM) guidelines, DoD Risk Management Framework (RMF), Defense Federal Acquisition Regulation Supplement (DFARS) - 252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting, Defense Security Service (DSS) Assessment and Authorization Manual (DAAPM), National Institute of Standards and Technology (NIST) standards and special publications and Laboratory Information System Security Procedures.
The position requires significant report writing and briefing to key staff members, Group and Division Leadership across the Laboratory. The position also requires a high level of communication skills, to include the ability to provide training and briefings to all levels of the organization. Excellent writing skills are required in order to complete extensive written reports, documenting inspection findings and observations.
Primary Duties Include:
- Develop policies, plans and procedures IAW Defense Federal Acquisition Regulation Supplement (DFARS) - 252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting and Cyber Maturity Model Certification (CMMC).
- Perform risk analysis and reporting on DFARs, NIST, RMF, and NISPOM compliance
- Audit information systems according to NIST SP 800-37, 800-171, CMMC and 800-53, NISPOM and DFARs frameworks ? Assess requirements for compliance with government regulations and prepare documentation and policy IAW requirements
- Perform complex analysis of risk of security exceptions through the data security plan process
- Recommend and develop mitigations to facilitate continued research despite exceptions from traditional security controls
- Develop and enforce information security policy
- Conduct staff security outreach and engagement
- Assess security risks of cutting edge technology
- Support vulnerability management operations through documentation and reporting of findings to lab leadership
- Support incident response and remediation effort.
- Demonstrated knowledge of the Defense Federal Acquisition Regulation Supplement, contract clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting, and Cyber Maturity Model Certification (CMMC) cybersecurity framework requirements and security controls.
- 3-5 years of experience with NIST 800-53/800-171 controls / NIST Risk Management Framework
- Experience reviewing/analyzing vulnerability scans or configuring host based security solutions is a plus.
- Demonstrated capabilities in presenting ideas written and orally are required.
- Some local and overnight travel may be required (less than 10%).
- The successful candidate will be subject to pre-employment investigation and must meet all eligibility requirements for access to classified information including compartmented programs.
- Selected candidate will be subject to a pre-employment background investigation and must be able to obtain and maintain a Top Secret level DoD security clearance
- Prior experience in a DoD Industrial Security environment is preferred.
- Familiarity with requirements identified in the National Industrial Security Operations Manual (NISPOM) is preferred.
Bachelor’s degree in Computer Science, Information Technology, Computer Information Systems, or related field is required. (Master’s degree in one of the above fields is preferred) Technical experience and skills, course work completed toward a degree, and industry IT certifications (i.e., CISSP, CISA) may be considered substitutes for education and experience
Our client, one of the most prestigious Research and Development Labs in the country, is working on solutions to our nation's most complex defense and commercial related challenges. We have placed hundreds of talented engineers with this client over the years - If you are qualified - we can get you in!!!
The mission is critical and the work is as cutting-edge as it is rewarding. The teams are superbly managed groups of world class engineers from all types of interesting and diverse backgrounds - AND THEY ARE HIRING!
Make this your next career move as one of our many long-term contractors or employees!
Work as our full-time employee with full benefits (Medical, Dental, Vision, STD, LTD, PTO, Retirement, etc.) - OR - work as a W2 hourly contractor at a higher pay rate if you don't need the benefit package.
ABOUT DIGITAL PROSPECTORS:
Founded in 1999, Digital Prospectors is an award-winning recruiting and consulting firm that specializes in placing contract, contract-to-hire and direct hire engineers into rewarding opportunities with our impressive and ever-growing client base. We believe that all people should love their jobs.
Come see why Digital Prospectors has been voted “Best Staffing Firm to Temp For” by Staffing Industry Analysts, "Best of Staffing" for candidate satisfaction by Inavero / CareerBuilder.com, "Top Temporary Placement Firm" by Boston Business Journal, "Best Company To Work For" by Business NH magazine, "Excellence in IT and Engineering Staffing” by TechServe Alliance, "Top IT Services Company" by Inc. Magazine, "Most Reliable Staffing Agency" in Forbes Magazine and "Top Ranked Staffing Firm" by Staffing Industry Analysts.