Component Risk Analyst – Mid

Evolver, a Converged Security Solutions company, is an information technology company serving the Federal, Commercial, and Legal markets that addresses client challenges in the present and transitions clients into the future by introducing efficient and effective IT solutions. With a dedicated focus on client satisfaction, CSS has proven its value time and time again, from managing day-to-day operations to skillfully navigating the implementation and support of new technologies. Our core competencies are infrastructure, application development, cybersecurity, cloud, end-user support, data analytics and legal services.

Responsibilities

• Provide research and development support of data analytic and data management technologies including those associated with collecting, analyzing, parsing, and reporting large volumes of data that may support the MGMT Component Compliance and DHS CISOD Continuous Monitoring.
• Represent MGMT-HQ Compliance by engaging and supporting CISOD Working Group meetings.
• Provide MGMT Component Security SME inputs to support DHS Department wide Working Groups for recommendations for improvement of FISMA metrics, and continuous monitoring.
• Analyze continuous monitoring, configuration management, vulnerability management, asset management, software management and self-reported data to identify trends and anomalies cybersecurity performance and mitigation of risk.
• Utilize available data analytics tools to create risk models and reports in support of MGMT-HQ.
• Compile data, organize information, and prepare routine reports per required frequency and ad hoc reports for review and submission by federal staff.
• Draft analysis findings, presentations, point papers, after action reports, gap analysis, business impact analysis and other analytics documentation.
• Provide support of MGMT-HQ security authorizations, MGMT-HQ inventory, security training and outreach in support of the MGMT-HQ community, and inputs to MGMT-HQ policy, and procedures and guidelines.
• Prepare security authorization packages for Federal Management review and approval. Create authorization memos, per MGMT-HQ Component requirements, collect supporting artifacts and documentation and identify risk weaknesses to present to component management. Support and develop process to support compliance team.
• Provide input to Federal Compliance management for reporting of the status of predetermined government assessment priorities and status of deliverables for weekly to the Federal CISOD PM/DPM, the Federal Compliance Manager, and the Contractor PM.
• Provide cybersecurity SME support for program and systems to include security authorization guidance in support of assessment readiness, risk and threat assessments, and continuous monitoring activities.
• Inform MGMT-HQ stakeholders of system related compliance activities, i.e., FISMA scorecard, POA&M resolution issues, Authority to Operate (ATO), Contingency and Contingency Test Plan and Privacy Threshold Analysis (PTA) expirations.
• Provide guidance and support to MGMT-HQ Stakeholders post assessment POA&M Consolidation and Remediation Plans development for MGMT Systems for Compliance Management approval.
• Provide quality assurance of all security authorization documentation and other documentation to supports MGMT-HQ Compliance and the FISMA systems.
• Review, analyze, monitor, and report on DHS MGMT-HQ FISMA Metrics for programs and systems within the portfolio; report any discrepancies to the Federal Compliance Manager, ISSO and ISSM.
• Develop security authorization Packages and other compliance documents to be routed for DCISO and AO approvals and signature.
• Provide risk determinations in support of security authorization, weakness remediation, and audit activities.
• Attend SDLC/SELC project meetings for in support of MGMT-HQ systems, review system business requirements against NIST and DHS security controls requirements to identify gaps and discuss solutions/mitigations, risk rate the identified gaps and raise risks to the Federal Compliance Manager and Federal Information System Security Manager.
• Provide review and support to MGMT-HQ system stakeholders as they perform security impact analysis based on changes to information systems.
• Provide Risk Management Framework (RMF) process and preparation support to system stakeholders; provide guidance on outstanding issues and risks identified to support system readiness for security assessments.

Basic Qualifications

• 5 years of relevant experience
• Bachelor's degree or 8 years of work experience
• US Citizen with an active Secret Clearance
• 1 Cyber Certification (CISSP, CISM, Security , etc)
• 2 years of experience with FISMA and the NIST RMF

Preferred Qualifications

• Data Analytics Skills
• Tools experience with Splunk/Elastic
• Experience with GRC solutions
• Communication skills including ability the to be able to present
• Process Improvement Experience
• DHS EOD Preferred but not required

Evolver Federal is an equal opportunity employer and welcomes all job seekers. It is the policy of Evolver Federal not to discriminate based on race, color, ancestry, religion, gender, age, national origin, gender identity or expression, sexual orientation, genetic factors, pregnancy, physical or mental disability, military/veteran status, or any other factor protected by law.

Actual salary will depend on factors such as skills, qualifications, experience, market and work location. Evolver Federal offers competitive benefits, including health, dental and vision insurance, 401(k), flexible spending account, and paid leave (including PTO and parental leave) in accordance with our applicable plans and policies.