Cybersecurity Compliance & Metrics

Job Description:

As a Cybersecurity Compliance & Metrics specialist at SASSI, you will join our ISS division and support our government client remotely. The Cybersecurity Compliance & Metrics specialist works closely with stakeholders and other members of the technical team to gather technical requirements and execute on deliverables, and works with an integrated project team comprised of multiple technical disciplines.


Primary Responsibilities:

In this role, you will:

  • Integrate electronic processes or methodologies to resolve total system problems or technology problems.

  • Apply analytical and systematic approaches in the resolution of problems of workflow, organization, and planning.

  • Participate in all phases of internal and external assessments and audits.

  • Perform compliance assessments to determine if business systems are aligned with regulatory requirements, industry standards, best practices, and all information security policies, procedures, and standards.

  • Actively review, test, analyze and report on the effectiveness and state of all required controls.

  • Monitor and report on the status of compliance activities and remediation efforts, escalating potentially risky situations as needed.

  • Provide recommendations to improve the effectiveness and efficiency of our risk-based audit program to ensure that it is repeatable, sustainable, and cost-effective.

  • Stay informed of new compliance regulations, assist in the assessment of the impact to the organization, and collaborate to ensure compliance.

  • Complete any additional tasks assigned by the Project Manager that are connected with the role but not detailed in the current job description.

Basic Qualifications

  • US Citizen

  • Must hold a minimum Secret clearance

  • 4 years' cybersecurity experience

  • 3 years’ specialized experience implementing security controls, performing system security testing, recommending remediation, and reporting security posture changes.

  • Experience navigating complex organizations and developing and delivering vision through various communication strategies and presentations to senior-level executives and technical audiences

  • Good understanding of security governance, compliance, and risk management principles.

  • Possesses and demonstrates a strong understanding of controls assessment techniques.

  • Familiarity with common standards, frameworks, and regulations such as:

      • NIST, ISO, COBIT, SIG, CCM, SOC-2, FAIR, HITRUST, PCI, GDPR.

  • Able to function independently and perform routine tasks such as:

      • Facilitating meetings, organizing conference calls, delivering presentations, and so forth

  • Strong analytic and problem-solving skills.

  • Strong oral & written communications to include report development and delivery.

Desired Toolsets (does not have to be all of them):

  • RedSeal

  • Tenable

  • ServiceNow

  • Microsoft Teams

  • Technology Hardening Tools (e.g., DISA STIGs, CIS Benchmarks, Vendor Guidelines)

  • Governance Risk & Compliance (GRC) Tools (e.g., eMASS, RSA Archer, Xacta)

  • Splunk

  • Penetration Testing Tools (e.g., Nmap, Wireshark, Nessus, Metasploit, Aircrack, NetSparker, RedSeal, Burp Suite)

  • Phishing simulations

  • Cortex XDR endpoint detection and response tool

Desired Skillsets:

  • Report Writing (Technical & Non-Technical)

  • Technical Writing Techniques

  • Drafting government policies and procedures

  • Drafting government RMF SSP and A&A packages

  • Ability to perform qualitative and quantitative risk analysis

  • Zero Trust Architecture (ZTA) Design

  • Cyber Resilience Assessment Methodology

Preferred Qualifications

  • IAM II Certification Level

  • CISSP certification

  • Bachelor's degree in Computer Science, Information Systems, or other related discipline.

Full Time / Part Time

Full time


Regular / Temporary

Regular


Job Exempt (Yes / No)

Yes