As Cybersecurity Compliance & Metrics at SASSI, you will join our ISS division and support our government client remotely. The Cybersecurity Compliance & Metrics role works closely with stakeholders and other members of the technical team to gather technical requirements and execute on deliverables, as part of an integrated project team comprising multiple technical disciplines.
In this role, you will:
Integrate electronic processes or methodologies to resolve total-system or technology problems.
Apply analytical and systematic approaches to resolving problems of workflow, organization, and planning.
Participate in all phases of internal and external assessments and audits.
Perform compliance assessments to determine if business systems are aligned with regulatory requirements, industry standards, best practices, and all information security policies, procedures, and standards.
Actively review, test, analyze and report on the effectiveness and state of all required controls.
Monitor and report on the status of compliance activities and remediation efforts, escalating potentially risky situations as needed.
Provide recommendations to improve the effectiveness and efficiency of our risk-based audit program to ensure that it is repeatable, sustainable, and cost-effective.
Stay informed of new compliance regulations, assist in the assessment of the impact to the organization, and collaborate to ensure compliance.
Complete any additional tasks connected with the role but not detailed in the current job description, as assigned by the Project Manager.
Must hold a minimum of a Secret clearance.
4 years' cybersecurity experience.
3 years' specialized experience implementing security controls, performing system security testing, recommending remediation, and reporting security posture changes.
Experience navigating complex organizations and developing and delivering vision through various communication strategies and presentations to senior-level executives and technical audiences.
Good understanding of security governance, compliance, and risk management principles.
Possesses and demonstrates a strong understanding of controls assessment techniques.
Familiarity with common standards, frameworks, and regulations such as:
NIST, ISO, COBIT, SIG, CCM, SOC-2, FAIR, HITRUST, PCI, GDPR.
Able to function independently and perform routine tasks such as:
Facilitating meetings, organizing conference calls, delivering presentations, and so forth.
Strong analytic and problem-solving skills.
Strong oral & written communications to include report development and delivery.
Desired Toolsets (does not have to be all of them):
Technology Hardening Tools (e.g., DISA STIGs, CIS Benchmarks, Vendor Guidelines)
Governance Risk & Compliance (GRC) Tools (e.g., eMASS, RSA Archer, Xacta)
Penetration Testing Tools (e.g., Nmap, Wireshark, Nessus, Metasploit, Aircrack, NetSparker, RedSeal, Burp Suite)
Cortex XDR endpoint detection and response tool
Report Writing (Technical & Non-Technical)
Technical Writing Techniques
Drafting government policies and procedures
Drafting government RMF SSP and A&A packages
Ability to perform qualitative and quantitative risk analysis
Zero Trust Architecture (ZTA) Design
Cyber Resilience Assessment Methodology
IAM Level II certification
Bachelor's degree in Computer Science, Information Systems, or other related discipline.