Cybersecurity Compliance & Assessment Team Project Manager (Federal)
B&M Consulting Group, Inc. is a professional services firm based in Rockville, Maryland, specializing in cybersecurity. B&M is looking for a Project Manager to lead a Cybersecurity Compliance and Assessment Team for a Federal client.
The Project Manager will oversee all aspects of the project and lead a small team of cybersecurity and IT analysts in complex projects involving Federal Information Security Management Act (FISMA) compliance, Security Assessment and Authorization (SA&A), and Authorities to Operate (ATO) for major information systems. The candidate who fills the position will work in a team environment with experienced cybersecurity and IT auditors and assessors. The Project Manager is responsible for analyzing project-related problems and creating innovative solutions regarding the schedule, technology, methodology, tools, solution components, and financial management of the project.
This position requires an understanding of security principles, how they apply to system architectures, and the various testing methods utilized to ascertain the effectiveness of those controls. The candidate must be able to understand and manage the performance of the following tasks: IT security testing (risk and vulnerability analysis) of complex operational systems and facilities; risk exposure assessments based on threats and exploit paths, while factoring in mitigating controls; the development of recommendations for remediating detected vulnerabilities and compliance gaps; performance of independent testing of corrective actions to validate risk/vulnerability resolution.
The candidate is expected to be able to evaluate technical controls related to areas such as, but not limited to: the adequacy of encryption controls implemented across a variety of platforms to protect sensitive data in transit and at rest; the architecture, configuration, and use of antivirus and malware detection and management solutions; audit log generation, aggregation, and analysis; and authentication solution configuration and management.
Responsibilities:
Lead a team of cybersecurity professionals on projects related to FISMA compliance and SA&A
Plan, conduct, and document IT security testing in accordance with Draft NIST SP 800-53A Revision 5
Facilitate and manage Security Control Assessments (SCA) and possibly additional advanced-level Continuous Monitoring Activities within internally hosted and cloud-based environments
Ensure cyber security policies are adhered to and that required controls are implemented
Validate respective information system security plans to ensure NIST control requirements are met
Develop resultant SCA documentation and client-ready deliverables, including but not limited to the Security Assessment Report
Develop recommendations associated with the findings on how to improve the customer's security posture in accordance with NIST controls
Review the controls that support the Requirements Traceability Matrix (RTM) and the details of the System Security Plan (SSP) to determine completeness and accuracy
Follow and abide by the SCA Standard Operating Procedure (SOP) that is provided by the client
Provide Security Assessment Results to meet client requirements and standards, which will include at a minimum the following documents: SAR, RTM, and a detailed technical results document as stipulated by the client upon Security Assessment completion
Assist with the interpretation and analysis of Security Assessment Results upon completion of each Security Assessment and/or as requested to assist with post-assessment questions, to assess the vulnerability and risk to the system and to the customer or other connected systems
Assist team members with proper artifact collection, in line with the client's examples of artifacts that will satisfy assessment requirements
Be proficient at testing, analyzing and interpreting Security Assessment Results for all systems, including but not limited to the following platforms:
Microsoft Server 2008/2012/Other, UNIX/Linux, Microsoft SQL Server, Oracle DBMS, Sybase DBMS, Windows 7, IIS, Mobile Device Management solutions, Routers/Switches/Firewalls, Printers/Faxes/Multi-Function Devices, .Net and Java custom-developed applications
Requirements:
Bachelor's Degree in a computer-related field
5+ years of IT security and/or project management of IT security projects
One or more of the following certifications is preferred: CSAM, CISSP, CISA, CEH, CAP
PMP is preferred
Strong leadership experience
Strong experience in project management
Experience in performing IT security testing, IT control assessments/audits, and/or IT Security Testing and Evaluation (ST&E)
Knowledge of Federal information security standards and methodologies, including FISMA requirements, OMB standards and guidelines, and NIST Federal Information Processing Standards (FIPS) Publications and Special Publications (NIST FIPS 199, NIST FIPS 200, NIST SP 800-37, NIST SP 800-53/A, etc.)
Familiarity with OMB Circular A-130 and NIST requirements, particularly NIST SP 800-37 and Draft SP 800-53 Revision 5
Ability to apply information security principles to enterprise applications, operating systems, and networks
Excellent written/verbal communication and presentation skills
Excellent people skills and ability to work with diverse stakeholders
U.S. Citizens or Green Card holders only. Applicants selected will be subject to a government security investigation and must be able to pass a Federal background check for a public trust clearance.
Please send your detailed resume that includes a summary of key Project Management qualifications at the top of the resume to .
Equal Opportunity Employer
B&M Consulting Group, Inc. is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.
cyber, IT security, audit, assessment, SA&A, compliance, risk management