Information Assurance / Lead Security Specialist

VariQ

(Washington, District of Columbia)
Full Time
Job Posting Details
About VariQ
VariQ is an information security and information technology services company delivering strategic solutions to technology-enabled enterprises. Core competencies include Cyber Security, IT Infrastructure support, and Program Management. VariQ is a Microsoft Gold Partner and a Symantec Platinum Partner.
Summary
VariQ’s Cybersecurity Line of Business is seeking future team members with strong cybersecurity skills in the areas of security assessments, continuous monitoring, and privacy program support for a financial services sector client. This highly visible, critical-infrastructure-related work includes performing security and privacy compliance work as well as consulting with this client on emerging programs such as the Risk Management Framework and Continuous Diagnostics and Mitigation (CDM). The role serves as the Team Lead overseeing a team of IA specialists responsible for multiple security compliance activities, while also leading assessment activities and interfacing directly with key customer stakeholders.
Responsibilities
* Assist in performing assessments, complete Assessment Plans, and create/update System Security Plans (SSPs) and Security Assessment Reports (SARs).
* Coordinate, facilitate, and assist with key customer meetings, which may include up to 20 stakeholders.
* Help complete client deliverables within strict project timelines, and show the ability to manage time wisely across multiple assessments and assignments at once.
* Perform quality evaluations of information system security controls in accordance with NIST 800-53, 800-137.
* Work with the customer and with system and application teams to resolve issues, answer questions, and collect evidence related to the assessment of security controls.
* Participate in Continuous Monitoring initiatives, which may include Standard Operating Procedure updates, template updates, training content updates, and development of scripts for calls and test cases for assessments.
Ideal Candidate
* Security Assessment and Authorization (SA&A) activities
* Plan-of-Action-and-Milestones (POA&M) management
* Risk Management Framework (RMF) implementation
* Continuous Monitoring planning and implementation
* Privacy Threshold Assessment/Privacy Impact Assessment development
* System Security Lifecycle Support
* Privacy Program Support/Privacy Controls Implementation

**Required:**

* CISSP, CISM, CISA

**Desired:**

* Securing Industrial Control Systems (ICS) / Supervisory Control and Data Acquisition (SCADA) systems is a plus.
