Cybersecurity Risk Management Analyst
Evolver Federal
- Springfield, VA
- Permanent
- Full-time
- Apply knowledge of NIST 800-53 security controls and recommend appropriate allocation to support an enterprise-wide common controls program. Advise the government client on which controls are appropriate as common controls and relevant to be inherited by all or a subset of systems in the enterprise portfolio. Also advise on system-level controls, and review/validate control inheritance.
- Review Control Implementation Statements to ensure proper implementation in alignment with NIST 800-53.
- Develop, maintain, and make recommendations for enhancing Cybersecurity Policies.
- Develop FISMA Metrics and Asset Management reports in compliance with requirements outlined in DHS 4300A/B.
- Monitor and manage FISMA Inventory and system designations (e.g., CFO, High Value Assets (HVA), Mission Essential Systems (MES), Personally Identifiable Information (PII)).
- Maintain and update the FISMA System Inventory Methodology and related SOPs.
- Provide recommendations in support of system boundary consolidation and integration of tools/databases.
- Communicate clearly with system owners, developers, and executive leadership on various cybersecurity, risk and compliance topics.
- Coordinate, schedule, develop agendas, and facilitate meetings with all levels of government and contractor stakeholders.
- Assist in supporting the client's oversight of Common Control Providers across the Department.
- Ensure testing of common controls aligns with the Risk Management Framework (RMF) and DHS 4300 policy.
- Conduct annual reviews of Common Control Providers and Programs.
- Maintain the Common Control Implementation Guide, Methodology, and training materials.
- Deliver formal Department-wide Common Controls compliance training.
- Recommend updates to DHS 4300 policies, attachments, memos, and cybersecurity directives.
- Provide policy recommendations for Security Authorization, POA&Ms, Ongoing Authorization, and Document Review.
- Maintain and update SA Guides, DR methodologies, checklists, and templates (e.g., FIPS199, SAR, SAP, RA, CM, CP, BIA).
- Develop and manage RMF-related processes, procedures, and documentation templates.
- Conduct gap analyses and recommend improvements to streamline, automate, and standardize cybersecurity processes across the enterprise.
- Identify and recommend improvements to streamline Security Authorization processes (e.g., ATO, Ongoing Authorization, FedRAMP, Reciprocity).
- Provide recommendations to standardize the Security Authorization and Risk Management programs using an agile, value-driven model.
- Perform document reviews for all security documentation in support of initial authorization, reauthorization, and ongoing Security Authorization packages, as well as compile and prepare authorization package.
- Assist with data calls and analysis as required by the Federal government.
- Prepare executive summaries, talking points, and slide decks for CISO/CIO briefings.
- Maintain documentation in Microsoft Teams, SharePoint, and other shared platforms.
- Develop and update training materials and PowerPoint presentations on inventory processes.
- Perform other duties as assigned by the Government.
- Ability to work efficiently and effectively in a dynamic and fast-paced environment.
- 5 years of related experience with a Bachelor's degree, or 8 years of overall related experience in a relevant field.
- 5 years of experience with NIST 800-37, experience that can span across a subset, or all, of the steps within the Risk Management Framework.
- 1 year of experience assessing security controls in accordance with NIST 800-53 in/in support of the Federal Government, to include evaluating and validating security control implementation.
- 3 years of experience as an Information System Security Officer (ISSO) in/in support of the Federal government, developing and maintaining comprehensive security documentation in support of the Risk Management Framework, including, but not limited to: System Security Plans (SSPs) (Sections 1 & 2), Contingency Plans (CPs), Contingency Plan Tests (CPTs), Privacy Impact Assessments (PIAs), Privacy Threshold Analyses (PTAs), and Business Impact Assessments (BIAs).
- 1 year of experience with NIST SP 800-53, NIST SP 800-37, and DHS 4300A/B.
- 3 years of experience documenting POA&Ms and managing the entire POA&M lifecycle, from open to closure.
- 3 years of experience executing continuous monitoring activities, including those supporting vulnerability management and configuration management.
- 3 years of experience with government GRC tools such as Archer, IACS, CSAM, etc.
- 2 years of experience managing an enterprise's Inventory of information technology systems (or FISMA Systems).
- Must have one of the following certifications: CISSP, CISM, CISA, CAP, C|ISSO, CEH.
- Must have an Active Secret clearance prior to start date
- 2 years of experience assessing security controls in accordance with NIST 800-53 in/in support of the Federal Government, to include evaluating and validating security control implementation.
- 5 years of experience as an Information System Security Officer (ISSO) in/in support of the Federal government, developing and maintaining comprehensive security documentation in support of the Risk Management Framework, including, but not limited to: System Security Plans (SSPs) (Sections 1 & 2), Contingency Plans (CPs), Contingency Plan Tests (CPTs), Privacy Impact Assessments (PIAs), Privacy Threshold Analyses (PTAs), and Business Impact Assessments (BIAs).
- Ability to schedule and lead meetings, including Working Groups and formal Governance Groups, with a diverse group of government and contractor stakeholders at various levels within the organization, including developing and maintaining agendas, meeting notes, and meeting records, including maintaining a repository of all meeting records.
- Ability to communicate clearly and effectively via written and verbal communication in both formal and informal situations.
- Ability to adapt to frequent changes in priorities, follow project schedules, meet established deadlines, and proactively communicate risks and issues to the Contractor PM and/or Federal Leads.
- Possess good listening skills and the ability to detect explicit and implicit needs and wants of the client.
- Demonstrated ability to exercise good judgment, prioritize multiple tasks, and problem-solve under the pressure of deadlines and resource constraints.
- Possess strong analytical and critical thinking skills with the ability to apply them to the client/contract workspace.
- Excellent organizational skills and attention to detail.
- Strong analytical, critical thinking, and problem-solving skills.
- Must have previous client-engagement experience.
- DHS HQ or Component-level experience.