Description
Leidos and the Digital Modernization Sector has a current job opportunity for an information security risk specialist supporting NASA on the Cybersecurity and Privacy Enterprise Support Services Contract (CyPrESS). Your experience will be used to work with information system owners, system administrators, cybersecurity risk managers, and authorizing officials to discover their cyber risks and develop a mitigation plan
Position Summary
Working on the CyPrESS contract, your experience will be used to work with information system owners, system administrators, cybersecurity risk managers, and authorizing officials to discover their cyber risks and develop a mitigation plan. The role requires review of technical, environmental, and personnel details supporting the information system to assess the entire threat landscape. Additionally, the role requires supporting the development of mitigations, document risks, and to continually assess system risk. The role requires work with the client to translate security concepts so they can make the best decisions to secure their information systems and reduce their attack surface.
Want more jobs like this?
Get jobs in Clarksburg, WV delivered to your inbox every week.
Primary Responsibilities:
• Collaborate with information system owners, system administrators, and cybersecurity risk managers to identify and evaluate cyber risks associated with information systems.
• Conduct comprehensive reviews of technical, environmental, and personnel details to assess the complete threat landscape.
• Develop and recommend effective mitigation strategies to address identified risks, ensuring alignment with organizational security policies and compliance requirements.
• Create detailed documentation outlining risks and proposed mitigation plans for stakeholder review and approval.
• Assess and verify the implementation of security controls within information systems, ensuring adherence to the risk management framework and NIST 800-53 standards.
• Monitor the progress of remediation efforts, providing regular updates to stakeholders on the status of security control implementation.
• Work closely with clients to translate complex security concepts into actionable insights, enabling informed decision-making regarding their information systems' security posture.
• Facilitate communication between technical teams and non-technical stakeholders to ensure a clear understanding of risks and necessary actions.
• Perform ongoing assessments of system risks and security controls, ensuring they remain effective in the face of evolving threats and vulnerabilities.
• Identify opportunities for improvement in risk management processes and security practices within the organization.
• Maintain comprehensive records of risk assessments, mitigation strategies, and remediation activities.
• Contribute to the development and delivery of training materials and awareness programs to enhance organizational understanding of cybersecurity risks and best practices.
• Ensure that all risk management activities comply with relevant regulatory requirements and organizational policies.
• Assist in preparing for audits and assessments related to information security and risk management.
• Analyze and report organizational security posture trends.
• Ensure all systems security operations and maintenance activities are properly documented and updated as necessary.
• Ensure cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.
• Implement security measures to resolve vulnerabilities, mitigate risks and recommend security changes to system or system components as needed.
• Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation.
• Mitigate/correct security deficiencies identified during security/certification testing and/or recommend risk acceptance for the appropriate senior leader or authorized representative.
• Plan and recommend modifications or adjustments based on exercise results or system environment.
• Properly document all systems security implementation, operations and maintenance activities and update as necessary.
• Provides cybersecurity recommendations to leadership based on significant threats and vulnerabilities.
• Verify and update security documentation reflecting the application/system security design features.
• Verify minimum security requirements are in place for all applications.
Basic Qualifications:
• Experience implementing or assessing security controls within an information system
• Knowledge of the risk management framework and NIST 800-53
• Ability to effectively monitor progress of remediation
• Ability to work with information systems owners, risk managers, and security professionals to ensure the implementation, identification, and tracking of security control implementation within an information system
• TS/SCI clearance
• Ability to work with upper management and interface with the customer.
• Bachelor's degree
Preferred Qualifications:
• Experience working in the NASA or Enterprise environment.
• Experience with Archer
• NIST 800-53
• Risk Management Framework
Original Posting Date:
2024-10-22
While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.
Pay Range:
Pay Range $81,250.00 - $146,875.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.