Cybersecurity SME - Governance Risk & Compliance

Tyto Athene is searching for a dynamic Senior Cybersecurity Subject Matter Expert that specializes in Governance, Risk, and Compliance.Responsibilities:Serve as a trusted advisor to senior leadership up to the CISO and Deputy CISO as an expert in the field of information assurance and cybersecurity.Provide advisory support to the customer agency's needs and challenges such as maturing the Governance, Risk, and Compliance (GRC) program, improving the ATO process, responding to government-wide mandates, and developing or updating policies to close agency gaps and improve metrics.Continuously monitor for new federal guidance (e.g. BODs, mandates, etc.), perform research and assess impact, disseminate relevant information, and provide guidance to the customer and MPG team on relevant actions such as changes to agency policies and procedures. Review the agency's existing GRC processes and templates for quality and completeness and recommend changes as needed.Participate in the quality assurance process by reviewing the quality of team deliverable content and leading or participating in retrospectives to identify lessons learned and improvement opportunities.Lead executive briefings.Provide direction to and subject matter expertise in security control reviews, security audits, evaluations, and risk assessments of sensitive and complex operational systems and facilities and provides recommendations for remediating detected vulnerabilities.Provide direction to and subject matter expertise in application or system security assessments, authorizations, and evaluations.Provide advisory support to the customer agency's plan to implement a Supply Chain Risk Management (SCRM) program. Provide the agency with guidance on policies, procedures, templates, and technologies to support the agency's program.Advise on the implementation of the Department's cybersecurity training program.Coordinate and lead cybersecurity initiatives that cut across teams and skillsets.Support specific technical reviews to support non-standard operational requirements and systems, including design, development, and maintenance of unique security assessment security tools and conducting assessments.Required:Bachelor's Degree or an equivalent combination of formal education and experience. Bachelor's Degree may be substituted for 8 additional years of relevant experienceMinimum 8 years of general experience and 6 years of relevant experience in functional responsibilityWell-versed in cyber risk management and must have experience working with SDLC and performing security tasks throughoutExperience with and working understanding of FISMA compliance, experience conducting all phases of Certification and Accreditation, and creating documentation in accordance with NIST guidanceWell-versed with NIST publications, including NIST 800 series, OMB circulars such as OMB A-123 circular and OMB A-130 circular and memorandaCFO Act agency experience preferredExperience with FISMA, CIO, and OIG metrics preferredStrong analytical and organizational skillsStrong communication skills and demonstrated experience interacting with senior leadership Concise writing skillsDesired:Secret ClearanceCISSP highly desiredUnderstanding of and experience with CSAM is a plusClearance: US Citizenship, Public Trust eligibility requiredLocation: Hybrid (local Washington, DC preferred for the ability to attend customer meetings in-person, as needed)

Created: 2024-10-31