Information Assurance / Lead Security Specialist
VariQ
(Washington, District of Columbia)
VariQ is an information security and information technology services company delivering strategic solutions to technology-enabled enterprises. Core competencies include Cyber Security, IT Infrastructure support, and Program Management. VariQ is a Microsoft Gold Partner and a Symantec Platinum Partner.
VariQ’s Cybersecurity Line of Business is seeking future team members with strong cybersecurity skills in the areas of security assessments, continuous monitoring, and privacy program support for a financial services sector client. This highly visible, critical-infrastructure-related work includes performing security and privacy compliance work as well as consulting this client on emerging programs such as the Risk Management Framework and Continuous Diagnostics and Mitigation (CDM).
Serve as the Team Lead overseeing a team of IA specialists responsible for multiple security compliance activities, while also leading assessment activities and interfacing directly with key customer stakeholders:
- Assist in performing assessments, complete assessment plans, and create/update System Security Plans (SSPs) and Security Assessment Reports (SARs).
- Coordinate, facilitate, and assist with key meetings with the customer, which may include up to 20 stakeholders.
- Help complete client deliverables within strict project timelines and show the ability to manage time wisely across multiple assessments and assignments at once.
- Perform quality evaluations of information system security controls in accordance with NIST 800-53 and 800-137.
- Work with the customer and the system and application teams to resolve issues, answer questions, and collect evidence related to the assessment of security controls.
- Participate in Continuous Monitoring initiatives which may include: Standard Operating Procedure updates, template updates, training content updates, and development of scripts for calls and test cases for assessments.
- Security Assessment and Authorization (SA&A) activities
- Plan of Action and Milestones (POA&M) management
- Risk Management Framework (RMF) implementation
- Continuous Monitoring planning and implementation
- Privacy Threshold Assessment/Privacy Impact Assessment development
- System Security Lifecycle Support
- Privacy Program Support/Privacy Controls Implementation
Required:
- CISSP, CISM, CISA
Desired:
- Securing Industrial Control Systems (ICS) / Supervisory Control and Data Acquisition (SCADA) systems is a plus.
- Assessments
- Deep Understanding of Risk Management Framework
- Developing and Maintaining Standard Operating Procedures (SOPs)
- Implementation
- Planning
- Project Timelines
- SCADA
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)
- CISSP
- NIST 800-53
- Plan of Action and Milestones
- System Security Plans
- Security Assessment Reports
- NIST 800-137
- Security Assessment and Authorization
- Privacy Threshold Assessment
- Privacy Impact Assessment
- System Security Lifecycle
- Privacy Program Support
- Privacy Controls Implementation
- Industrial Control Systems (ICS)
- Security Controls