Cybersecurity Assessment & Compliance Team Project Manager

Expired Job

B&M Consulting Group, Inc., Washington, DC 20005

Posted 3 months ago

Cybersecurity Compliance & Assessment Team Project Manager (Federal)
B&M Consulting Group, Inc. is a professional services firm based in Rockville, Maryland, specializing in cybersecurity. B&M is looking for a Project Manager to lead a Cybersecurity Compliance and Assessment Team for a Federal client.
The Project Manager will oversee all aspects of the project and lead a small team of cybersecurity and IT analysts in complex projects involving Federal Information Security Management Act (FISMA) compliance, Security Assessment and Authorization (SA&A), and Authorities to Operate (ATO) for major information systems. The candidate who fills the position will work in a team environment with experienced cybersecurity and IT auditors and assessors. The Project Manager is responsible for analyzing project-related problems and creating innovative solutions regarding the schedule, technology, methodology, tools, solution components, and financial management of the project.
This position requires an understanding of security principles, how they apply to system architectures, and the various testing methods utilized to ascertain the effectiveness of those controls. The candidate must be able to understand and manage the performance of the following tasks: IT security testing (risk and vulnerability analysis) of complex operational systems and facilities; risk exposure assessments based on threats and exploit paths, while factoring in mitigating controls; the development of recommendations for remediating detected vulnerabilities and compliance gaps; performance of independent testing of corrective actions to validate risk/vulnerability resolution.
The candidate is expected to be able to evaluate technical controls related to areas such as, but not limited to: the adequacy of encryption controls implemented across a variety of platforms to protect sensitive data in transit and at rest; the architecture, configuration, and use of antivirus and malware detection and management solutions; audit log generation, aggregation, and analysis; and authentication solution configuration and management.

Responsibilities:
Lead a team of cybersecurity professionals on projects related to FISMA compliance and SA&A
Plan, conduct, and document IT security testing in accordance with Draft NIST SP 800-53A Revision 5
Facilitate and manage Security Control Assessments (SCA) and possibly additional advanced-level Continuous Monitoring Activities within internally hosted and cloud-based environments
Ensure cyber security policies are adhered to and that required controls are implemented
Validate respective information system security plans to ensure NIST control requirements are met
Develop resultant SCA documentation and client-ready deliverables, including but not limited to the Security Assessment Report
Develop recommendations associated with the findings on how to improve the customer's security posture in accordance with NIST controls
Review the controls that support the Requirements Traceability Matrix (RTM) and the details of the System Security Plan (SSP) to determine completeness and accuracy
Follow and abide by the SCA Standard Operating Procedure (SOP) that is provided by the client
Provide Security Assessment Results to meet client requirements and standards, which will include at a minimum the following documents: SAR, RTM, and a detailed technical results document as stipulated by the client upon Security Assessment completion
Assist with the interpretation and analysis of Security Assessment Results upon completion of each Security Assessment and/or as requested to assist with post-assessment questions, to assess the vulnerability and risk to the system and to the customer or other connected systems
Assist team members with proper artifact collection to the clients examples of artifacts that will satisfy assessment requirements
Be proficient at testing, analyzing and interpreting Security Assessment Results for all systems, including but not limited to the following platforms:
Microsoft Server 2008/2012/Other, UNIX/Linux, Microsoft SQL Server, Oracle DBMS, Sybase DBMS, Windows 7, IIS, Mobile Device Management solutions, Routers/Switches/Firewalls, Printers/Faxes/Multi-Function Devices, .Net and Java custom-developed applications

Requirements:
Bachelor's degree in a computer-related field
5+ years of IT security and/or project management of IT security projects
One or more of the following certifications is preferred: CSAM, CISSP, CISA, CEH, CAP
PMP is preferred
Strong leadership experience
Strong experience in project management
Experience in performing IT security testing, IT control assessments/audits, and/or IT Security Testing and Evaluation (ST&E)
Knowledge of Federal information security standards and methodologies, including FISMA requirements, OMB standards and guidelines, and NIST Federal Information Processing Standards (FIPS) Publications and Special Publications (NIST FIPS 199, NIST FIPS 200, NIST SP 800-37, NIST SP 800-53/A, etc.)
Familiarity with OMB Circular A-130 and NIST requirements, particularly NIST SP 800-37 and Draft SP 800-53 Revision 5
Ability to apply information security principles to enterprise applications, operating systems, and networks
Excellent written/verbal communication and presentation skills
Excellent people skills and ability to work with diverse stakeholders

Citizenship Requirements:
U.S. Citizens or Green Card holders only. Applicants selected will be subject to a government security investigation and must be able to pass a Federal background check for a public trust clearance.
To Apply:
Please send your detailed resume that includes a summary of key Project Management qualifications at the top of the resume to .
Equal Opportunity Employer
B&M Consulting Group, Inc. is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.

Skills:
cyber, IT security, audit, assessment, SA&A, compliance, risk management
Permanent

Similar Jobs

Senior Cybersecurity Vulnerability Assessment Specialist

Csra Inc.

Posted 2 weeks ago

Primary Location: Washington, DC, United States
Job Requisition: RQ20699
Category: Information Technology
Post date: May 9, 2018

The Administrative Office of the United States Courts (AOUSC), Department of Technology (DTS) Information Technology Security Office (ITSO) provides IT security support services to court units (courts) within the Federal Judiciary and manages the Judiciary Information Technology Security Program (Program) in collaboration with local court units and AOUSC national program offices (NPOs). Court units primarily consist of Federal Appellate Courts, District Courts, Bankruptcy Courts, Probation Offices, and Pretrial Services Offices located across the United States and the U.S. Territories. ITSO provides court units and NPOs with services and support to assist with building and evolving their IT security programs. Identifying and managing IT security risks is an integral part of each security program. ITSO's goal is to ensure that court units and NPOs have the information necessary to make risk-based decisions with regard to the information systems supporting their mission and business functions.

Designs and develops new systems, applications, and solutions for external customer's enterprise-wide cyber systems and networks. Ensures system security needs established and maintained for operations development, security requirements definition, security risk assessment, systems analysis, systems design, security test and evaluation, certification and accreditation, systems hardening, vulnerability testing and scanning, incident response, disaster recovery, and business continuity planning and provides analytical support for security policy development and analysis.

Integrates new architectural features into existing infrastructures, designs cyber security architectural artifacts, provides architectural analysis of cyber security features and relates existing system to future needs and trends, embeds advanced forensic tools and techniques for attack reconstruction, provides engineering recommendations, and resolves integration and testing issues. May interface with external entities including law enforcement, intelligence and other government organizations and agencies.

Required skills: Cyber Security Assessment Management (CSAM), Microsoft Office 365, OWASP ZAP Proxy, SQLmap, Metasploit Pro, WebInspect, Nmap, Nessus, Burp Suite, Wireshark, John The Ripper.

DESIRED QUALIFICATIONS: BS or equivalent + 2 yrs related experience, or MS + 0 yrs experience

For more than 50 years, General Dynamics Information Technology has served as a trusted provider of information technology, systems engineering, training, and professional services to customers across federal, state, and local governments, and in the commercial sector. Over 40,000 GDIT professionals deliver enterprise solutions, manage mission-critical IT programs, and provide mission support services worldwide.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.