Risk Manager
About the role
CVP is seeking an experienced Cybersecurity Risk Manager for a large government agency enterprise-level cybersecurity program. The ideal candidate will work directly with the Cybersecurity Program Manager and the agency’s CIO and CISO to manage and mitigate risks to information security and privacy.
Responsibilities
- Identify, evaluate, and develop strategies for handling risks to reduce information security and privacy risk across the agency.
- Provide recommendations, guidance, planning, and implementation support for agency risk management activities and tools.
- Develop an agency Information Security Risk Management Strategy in accordance with NIST SPs.
- Conduct an enterprise risk assessment and develop an agency Information Security Risk Assessment Report.
- Develop an agency Privacy and Security Roadmap based on risks identified in the agency’s Information Security Risk Assessment Report.
- Develop an agency Information Security Risk Management Plan addressing risk tolerance, risk assessment, risk response, risk monitoring, and risk capabilities.
- Support the ISAO in implementing and overseeing information security risk management and security assessment and authorization (A&A) activities.
- Advise the agency on tailoring the A&A process for non-traditional technologies like cloud, mobile, and IoT.
- Provide recommendations on continuous monitoring and assessing the security posture of agency information systems.
- Track and review Plans of Actions and Milestones (POA&Ms) to identify areas of risk.
- Perform security accreditation packages for OCIO information systems and required assessments.
- Follow NIST FIPS and SPs, including FIPS 199 and 200, SP 800-39, SP 800-37, SP 800-137, SP 800-60, SP 800-53, SP 800-53A, SP 800-34, SP 800-30, and SP 800-18.
Requirements
- Minimum of six years’ experience in cybersecurity; ten years’ experience preferred.
- Minimum of six years’ experience leading and delivering FISMA-based and FedRAMP A&A programs for comparable federal agencies and programs; seven years’ experience preferred.
- One of the following industry-recognized certifications: CISSP, CISA, CISM, CRISC.
- Familiarity with ITIL Foundation Compliance, GRC tools, continuous monitoring, and vulnerability management tools or services.
- Demonstrated experience managing cybersecurity teams, including personnel, workload, priorities, scheduling, and risks.
- Proven experience reducing FISMA workload and time to authorization/reauthorization through methods like boundary consolidation, common control identification and re-use, automation, assessment readiness reviews, and digital transformation.
Qualifications
- Minimum of six years’ experience in cybersecurity.
- Minimum of six years’ experience leading and delivering FISMA-based and FedRAMP A&A programs for comparable federal agencies and programs.
- One of the following industry-recognized certifications: CISSP, CISA, CISM, CRISC.
- Familiarity with ITIL Foundation Compliance, GRC tools, continuous monitoring, and vulnerability management tools or services.
- Demonstrated experience managing cybersecurity teams, including personnel, workload, priorities, scheduling, and risks.
- Proven experience reducing FISMA workload and time to authorization/reauthorization through methods like boundary consolidation, common control identification and re-use, automation, assessment readiness reviews, and digital transformation.
Skills
- PMP Certification.
- CISSP Certification.
- Experience with Security Assessment Tools (Tenable Nessus, DBProtect, Wireshark, WebInspect).
- NIH/HHS experience.
Benefits
Location: Rockville, MD (Hybrid)
Salary Band: $155-165k (Depending on experience)
Pay
$155-165k (Depending on experience)
Schedule
Hybrid
Company Overview
CVP is an award-winning healthcare and next-gen technology and consulting services firm solving critical problems for healthcare, national security, and public sector clients. We help organizations achieve lasting transformation. CVP is an Equal Opportunity Employer dedicated to actively recruiting individuals and providing advancement opportunities based on merit and legitimate job qualifications. We ensure that all associates receive equal opportunities based on their personal qualifications and job requirements. CVP strictly prohibits any form of discrimination or harassment. At CVP, we cultivate a work environment that encourages fairness, teamwork, and respect among all associates. We are committed to maintaining a workplace where everyone can grow both personally and professionally.