What are the responsibilities and job description for the Cybersecurity and Risk Management Specialist position at BDR Solutions LLC?
BDR Solutions, LLC (BDR) supports the U.S. Federal Government in successfully achieving its mission and goals. Our service and solution delivery starts with understanding each client's end-state, and then seamlessly integrating within each Agency's organization to improve and enhance business and technical operations and deployments.
We are seeking a Cybersecurity and Risk Management Specialist with expertise in the Risk Management Framework (RMF) to support IT systems' Authorization to Operate (ATO) processes. Experience supporting cybersecurity and RMF initiatives within the Department of Veterans Affairs (VA) is highly preferred. The ideal candidate will have a technical background enabling them to identify security vulnerabilities, articulate necessary fixes to System Administrators, validate implemented changes, and document findings in POA&Ms or other RMF-related ATO documentation.
This position involves conducting thorough reviews of cybersecurity and risk management data, ensuring compliance with federal standards, and preparing detailed reports to support the system's ATO renewal. The role requires close collaboration with program team members, VA stakeholders, and auditors while leveraging automated risk management tools.
Key Responsibilities:
Cybersecurity Vulnerability Management:
- Conduct monthly reviews of cybersecurity and RMF data to identify and address IT system security vulnerabilities.
- Validate and articulate technical issues identified during the ATO process and provide clear guidance to System Administrators on necessary fixes.
- Verify changes made to systems and ensure they meet compliance standards.
Risk Analysis and Documentation:
- Create, update, and maintain POA&Ms and other RMF-related documentation to support the ATO renewal process.
- Analyze and document risk areas, providing narrative, graphic, and oral status reports.
- Input and validate risk management data within automated tools, ensuring accuracy and completeness.
Compliance and Reporting:
- Conduct monthly audits of policies and compliance with standards.
- Collaborate with internal and external auditors, preparing standard and ad hoc reports as directed.
- Create monthly summaries of program risks, evaluating and reporting on an average of 372 control elements.
Strategic Risk Management:
- Identify new, creative approaches for managing risks and improving cybersecurity processes.
- Collaborate with program teams and VA stakeholders to enhance the overall risk management strategy.
Qualifications:
Required Skills and Experience:
- Bachelor's Degree (8 years of experience may be substituted)
- 5 years of experience in systems administration and cybersecurity
- Proven expertise in Risk Management Framework (RMF) processes and ATO lifecycle support.
- Strong technical understanding of IT systems and cybersecurity principles.
- Demonstrated ability to articulate complex technical vulnerabilities and remediation steps to System Administrators.
- Experience validating system changes and ensuring compliance with RMF standards.
- Proficient in creating and managing POA&Ms and other ATO-related documentation.
- Hands-on experience with automated risk management tools and data input/validation processes.
- Excellent analytical, documentation, and reporting skills.
- Strong communication and interpersonal skills, including the ability to prepare and deliver clear narrative and graphical reports.
Preferred Skills:
- Familiarity with federal cybersecurity compliance standards (e.g., NIST 800-53, FISMA).
- Hands-on experience working with VA-specific cybersecurity processes and systems.
- Experience with monthly cybersecurity audits and liaison with auditors.
- Proven track record of developing innovative approaches to risk management.
- Direct experience supporting RMF and ATO efforts for VA IT systems is strongly preferred.
- Relevant certifications such as CISSP, CAP, CRISC, or similar are highly preferred.
In addition, U.S. citizenship is required. Select applicants will be subject to a government security investigation and must meet eligibility requirements for access to classified information and be able to obtain a government-granted security clearance. Individuals may also be subject to a background investigation including, but not limited to, criminal history, employment and education verification, drug testing, and creditworthiness.
BDR is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, marital status, disability, veteran status, sexual orientation, or genetic information.
Job Type: Full-time
Pay: $70,000.00 - $80,000.00 per year
Benefits:
- 401(k) matching
- Dental insurance
- Health insurance
- Life insurance
- Paid time off
- Referral program
- Tuition reimbursement
- Vision insurance
Schedule:
- 8 hour shift
Education:
- Bachelor's (Required)
Experience:
- systems administration: 5 years (Preferred)
- cybersecurity: 5 years (Preferred)
Ability to Commute:
- North Chicago, IL 60064 (Required)
Work Location: In person