About us:
Gen3 Technology Consulting is an SBA-certified Woman-Owned Small Business (WOSB) providing a diverse set of technology services and solutions to federal and commercial clients. Founded in 2017, Gen3 leverages over 25 years of information technology management and leadership experience to help our clients define, plan, manage, and achieve their strategic vision while protecting their critical IT assets. We attract and retain the highest caliber of talent by supporting an inclusive work environment, cultivating growth and leadership both professionally and personally, and encouraging work-life balance. We strive to make it our priority to be compassionate, family-friendly, respectful, and flexible.
Gen3’s Joint Ventures, Pivotal Impact (JV with Caldwich) and VetCentric (JV with PingWind), expand our team’s knowledge and expertise as we pool resources to bring federal agencies strong technical, program management, and cyber security solutions, derived by a disciplined management consulting approach. Please note that the position is subject to award.
About the role:
The Risk Management Analyst will provide recommendations, create documentation, and revise documentation and guidance for standards and policies. The Risk Management Analyst will also perform cybersecurity strategy and policy analysis, provide recommendations for documentation and implementation enhancements, and analyze the development of Cybersecurity and continuous monitoring strategy and policy documents and processes to support the client, with a primary focus on the orchestration of vulnerability management practices in all stages of system and application security, ensuring vulnerability remediation activities align with enterprise risk management strategy.
Location: Remote, Lanham, MD, U.S.
What you'll do:
- Work with ISSOs to verify and manage system vulnerability reports, triage new vulnerabilities, and monitor remediation progress to completion.
- Identify and assess the current ISSM operating environment.
- Conduct gap analysis for ISSM processes, procedures, and best practices.
- Provide recommended framework solution(s) for ISSM review and adoption.
- Develop and implement the adopted framework.
- Conduct periodic reviews and update the framework as required.
- Provide documentation, timelines, and status reports on progress.
- Develop required documentation for ISSM guidance and usage including, but not limited to, Standard Operating Procedures (SOPs), training guides, and memos to support the framework.
- Review current ISSM vulnerability remediation and compliance processes and identify process areas where automated solutions may be utilized to consolidate vulnerability and compliance data into a single reporting system.
- Present automated solution option(s) for ISSM review and adoption.
- Develop and implement the accepted automated solution(s).
- Create, revise, and update Information Technology Standards and Policies.
- Perform business analysis on cybersecurity programs.
- Maintain cyber policies, regulations, and compliance documents.
- Perform strategic planning that improves Vulnerability Management (VM) programs within large/complex environments.
- Identify how security controls are implemented and use knowledge to shape standards.
- Lead and engage a team of teams (internal/client) with the ability to forge relationships across multiple stakeholder groups to mature Vulnerability Management.
What you'll need:
- Bachelor’s degree in cybersecurity, IT, or Engineering and 3-5 years of relevant experience with Cybersecurity, risk management, or risk assessment for complex systems. Or an HS diploma or GED and 18+ years of relevant experience.
- 5+ years of experience creating, revising, and updating Information Technology standards and policies.
- Knowledge of the RMF process.
- Strong written and oral communication skills, proactive with customer satisfaction as the primary goal.
What's desired to have:
- Knowledge of NIST Standards and System Development Life Cycle (SDLC) and Capability Maturity Model Integration (CMMI) methodologies.
- Experience with maintaining a secure Cyber environment through configuration management, administration, and response actions.
- Experience with engineering, implementing, and monitoring security measures for the protection of systems, networks, and information.
- Experience with Microsoft Teams, Microsoft Visio, and Microsoft Office.
- Experience as a Systems Certifier.
- Experience with NIST security controls, governance, risk management, and compliance.
- Ability to be innovative in providing solutions and quickly learn new technologies and tools.
- Possess a technical background in guiding policymakers and interpreting existing policy in accordance with Federal objectives.
- Public Trust clearance.
- CISSP certification.