Cyber Risk & Compliance SME

Job Description

Seeking a Cyber Risk & Compliance Subject Matter Expert (SME) to provide technical guidance and analysis for cybersecurity and risk assessment, including supply chain risk management. Responsibilities include: 1. Developing and maintaining standard operating procedures (SOPs) for assessment execution. 2. Conducting security assessments, testing, analyzing results, documenting risks, and recommending countermeasures. 3. Identifying and reporting system vulnerabilities and threats. 4. Reviewing program documentation (requirements, architecture, test plans) and providing recommendations. 5. Developing security evaluation test plans and procedures. 6. Supporting information security policies and standards. 7. Ensuring compliance with frameworks and regulations (FISMA, NIST, OMB). 8. Performing risk assessments and analyzing potential impacts. 9. Coordinating with teams to support security testing and program objectives. 10. Leading technical exchange meetings and documenting outcomes. 11. Preparing and delivering briefings on project status and risks. 12. Analyzing data to provide actionable insights to technical and non-technical audiences. 13. Overseeing the design and implementation of security support systems. 14. Collaborating to map system functionality to security controls.

Qualifications

1. Education: Master’s degree (MS/MA) in Cybersecurity, Information Technology, Computer Science, or a related field. 2. Minimum of 8+ years of relevant experience in cybersecurity, risk management, or assessment operations. 3. Experience supporting federal or highly regulated environments preferred. 4. Certifications (preferred): CISSP, CISM, CISA, CEH, or other relevant industry certifications.

Benefits

- Health insurance - Flexible work arrangements - Professional development