Cybersecurity Risk Assessment Specialist
Private Label Staff, Washington, District of Columbia, United States
Subject Matter Expert (SME) - Cybersecurity & Risk Assessment
Overview: The Subject Matter Expert (SME) provides advanced technical expertise to support assessment operations, with a focus on cybersecurity, risk analysis, and program integrity. This role is responsible for enhancing operational processes, developing standard operating procedures (SOPs), and ensuring the confidentiality, integrity, and effectiveness of security-related initiatives. The SME works cross-functionally to evaluate systems, identify vulnerabilities, and recommend mitigation strategies in alignment with federal and industry standards.
Key Responsibilities: • Provide expert-level technical guidance and analysis to support cybersecurity and risk assessment initiatives, including supply chain risk management. • Develop, enhance, and maintain standard operating procedures (SOPs) to support assessment execution and implementation. • Conduct security assessments and hands-on testing, analyze results, document risks, and recommend appropriate countermeasures. • Identify, evaluate, and report on system vulnerabilities, threats, and security gaps. • Review and provide recommendations on program-level documentation, including: o Requirements specifications o System architecture and design documents o Test plans and security plans • Develop and document security evaluation test plans and procedures. • Support the development and implementation of information security policies, standards, and guidance. • Ensure compliance with applicable frameworks and regulations (e.g., FISMA, NIST, OMB). • Perform risk assessments, including analyzing threats, vulnerabilities, and potential impacts. • Coordinate with cross-functional teams and stakeholders to support security testing and program objectives. • Lead or participate in technical exchange meetings, documenting outcomes and action items. • Prepare and deliver briefings to leadership on project status, risks, and key findings. • Analyze and synthesize data from multiple sources to produce clear, actionable insights for both technical and non-technical audiences. • Provide oversight for the design, development, and implementation of security support systems. • Collaborate with stakeholders to map system functionality to security controls and compliance requirements.
Qualifications: • Education: o Master's degree (MS/MA) in Cybersecurity, Information Technology, Computer Science, or a related field • Experience: o Minimum of 8+ years of relevant experience in cybersecurity, risk management, or assessment operations o Experience supporting federal or highly regulated environments preferred • Certifications (preferred): o CISSP, CISM, CISA, CEH, or other relevant industry certifications
Required Skills & Expertise: • Strong knowledge of cybersecurity frameworks and standards (FISMA, NIST, OMB, etc.) • Experience with risk assessments, vulnerability analysis, and security testing methodologies • Ability to translate complex technical concepts into clear documentation and briefings • Familiarity with security documentation development, including risk assessments, contingency plans, and test reports • Strong analytical, problem-solving, and communication skills • Ability to work independently and collaboratively in a fast-paced environment
Overview: The Subject Matter Expert (SME) provides advanced technical expertise to support assessment operations, with a focus on cybersecurity, risk analysis, and program integrity. This role is responsible for enhancing operational processes, developing standard operating procedures (SOPs), and ensuring the confidentiality, integrity, and effectiveness of security-related initiatives. The SME works cross-functionally to evaluate systems, identify vulnerabilities, and recommend mitigation strategies in alignment with federal and industry standards.
Key Responsibilities: • Provide expert-level technical guidance and analysis to support cybersecurity and risk assessment initiatives, including supply chain risk management. • Develop, enhance, and maintain standard operating procedures (SOPs) to support assessment execution and implementation. • Conduct security assessments and hands-on testing, analyze results, document risks, and recommend appropriate countermeasures. • Identify, evaluate, and report on system vulnerabilities, threats, and security gaps. • Review and provide recommendations on program-level documentation, including: o Requirements specifications o System architecture and design documents o Test plans and security plans • Develop and document security evaluation test plans and procedures. • Support the development and implementation of information security policies, standards, and guidance. • Ensure compliance with applicable frameworks and regulations (e.g., FISMA, NIST, OMB). • Perform risk assessments, including analyzing threats, vulnerabilities, and potential impacts. • Coordinate with cross-functional teams and stakeholders to support security testing and program objectives. • Lead or participate in technical exchange meetings, documenting outcomes and action items. • Prepare and deliver briefings to leadership on project status, risks, and key findings. • Analyze and synthesize data from multiple sources to produce clear, actionable insights for both technical and non-technical audiences. • Provide oversight for the design, development, and implementation of security support systems. • Collaborate with stakeholders to map system functionality to security controls and compliance requirements.
Qualifications: • Education: o Master's degree (MS/MA) in Cybersecurity, Information Technology, Computer Science, or a related field • Experience: o Minimum of 8+ years of relevant experience in cybersecurity, risk management, or assessment operations o Experience supporting federal or highly regulated environments preferred • Certifications (preferred): o CISSP, CISM, CISA, CEH, or other relevant industry certifications
Required Skills & Expertise: • Strong knowledge of cybersecurity frameworks and standards (FISMA, NIST, OMB, etc.) • Experience with risk assessments, vulnerability analysis, and security testing methodologies • Ability to translate complex technical concepts into clear documentation and briefings • Familiarity with security documentation development, including risk assessments, contingency plans, and test reports • Strong analytical, problem-solving, and communication skills • Ability to work independently and collaboratively in a fast-paced environment