About us:
Gen3 Technology Consulting is an SBA-certified Woman-Owned Small Business (WOSB) providing a diverse set of technology services and solutions to federal and commercial clients. Founded in 2017, Gen3 leverages over 25 years of information technology management and leadership experience to help our clients define, plan, manage, and achieve their strategic vision while protecting their critical IT assets. We attract and retain the highest caliber of talent by supporting an inclusive work environment, cultivating growth and leadership both professionally and personally, and encouraging work-life balance. We strive to make it our priority to be compassionate, family-friendly, respectful, and flexible.
Gen3’s Joint Ventures, Pivotal Impact (JV with Caladwich) and VetCentric (JV with PingWind) expand our team’s knowledge and expertise as we pool resources to bring federal agencies strong technical, program management, and cyber security solutions, derived from a disciplined management consulting approach.
About the role:
As a Senior Information Security Risk Specialist on our team, you'll collaborate with a government client to uncover cyber risks, comprehend relevant policies, and formulate mitigation strategies. Assessing technical, environmental, and personnel factors, you'll evaluate the complete threat landscape. Your role involves leading the VA client through an actionable plan via presentations, white papers, and milestones. Your expertise will aid in translating security concepts, enabling informed decisions to secure mission-critical systems and infrastructure. This is an opportunity to serve as an information security subject matter expert, mentoring others while expanding skills in Risk Management Framework and NIST Security and Privacy controls.
Location: U.S., Remote.
What you'll do:
- Collaborate with program leadership to identify and mitigate risks, comprehend and implement policies and best practices, develop action plans, and delegate tasks to team members and site owners.
- Assist in the management of customer relationships to collaborate on the assessment of system audit compliance-related risk.
- Collaborate with your team to translate requirement concepts into actionable, implementable solution recommendations to assist the client in making data-driven and informed decisions.
- Analyze data from Governance Risk Compliance (GRC) tools to identify trends, root causes, and potential solutions.
- Conduct security assessments and ensure system compliance with contingency planning requirements.
- Work with your client to develop and collaborate on cybersecurity testing, training, and exercises to evaluate and assess the quality of contingency planning artifacts.
- Apply advanced consulting and planning or extensive technical expertise in resolving high-visibility client cybersecurity initiatives.
What you'll need:
- Master's degree in CS, Engineering, or IT with over 5 years of IT experience, OR 15+ years of IT experience if without a degree.
- Proficient in NIST special publications and FIPS, applying information security and assurance principles, including NIST Cybersecurity Framework and RMF process.
- Skilled in leading and coaching efforts involving presentations, SOPs, whitepapers, and change management processes.
- Experienced in assessing NIST security and privacy controls, maintaining Plans of Action and Milestones (POA&Ms).
- Adept at analyzing data from GRC tools like eMASS or RiskVision to identify trends, root causes, and solutions.
- Proficient in offering guidance for NIST security and privacy controls, along with generating thorough documentation and artifacts in GRC tools.
- Experienced in reviewing security requirements, recommending mitigation strategies, and collaborating directly with clients for solutions and education.
- Well-versed in conducting annual security reviews in alignment with FISMA reporting.
What's desired to have:
- Previous experience supporting a federal or state government agency preferred, especially the Veterans Affairs.
- Experience with Privacy and Security control implementation, testing and assessment, and POA&M management.
- Experience with using data analytical tools.
- CAP, CISSP, CISM, PMP, or CCSK Certification