Lead Security Specialist

VariQ

(United States)
Full Time
Job Posting Details
About VariQ
VariQ is an information security and information technology services company delivering strategic solutions to technology-enabled enterprises. Core competencies include Cyber Security, IT Infrastructure support, and Program Management. VariQ is a Microsoft Gold Partner and a Symantec Platinum Partner.
Responsibilities
* Serve as a Lead Security Specialist through the implementation of an enterprise-wide GRC tool (RSAM) - to include supporting gathering requirements, developing workflows, configuring the tool, and deploying to users.
* Transform policies, standards, processes, and other cybersecurity requirements, into configurations for the RSAM GRC tool to be implemented by the Office of Cybersecurity, to include control requirements, control assessment methods, SA&A lifecycle workflows, etc. Develop, test, and deploy standard reports and charts using the RSAM tool.
* Provide evaluations of information security policies and procedures. The Contractor shall advise the Cybersecurity team on pertinent developments in federal information security policy as it pertains to CFPB. When the Cybersecurity team is called on to respond to newly proposed information security directives and similar policy documents, the Contractor shall assess the impact of these changes on a respective program and draft responses for review, approval, and submission by appropriate Government personnel.
* Monitor and advise the Cybersecurity team on relevant changes in information security policy and compliance. The Contractor shall raise such developments to the attention of appropriate persons within the Cybersecurity team and promote sufficient detail such that the change and potential impacts are understood to assure they are properly addressed.
* Support the Cybersecurity team in aligning and maintaining consistency of information security requirements defined in or derived from program policies and other business writings.
* Assist in the development, review, or updating of information security policies and procedures to be applied consistently across the systems, services and sites. The Contractor shall prepare, in finished form, policies, standards, processes and other business writings.
* Manage delivery of multiple Cybersecurity efforts (including RSAM projects) through the complete life cycle. This includes:
  * Ensuring that projects are delivered on-time and in compliance with business and technical requirements.
  * Develop project communication plans, define delivery team roles and responsibilities on the project, plan and manage project schedules.
  * Monitor and track progress against milestones, deadlines, and requirements traceability matrices. Report on these items to key project stakeholders.
  * Maintain issue logs and facilitate issue resolution. Anticipate, manage, and address risks and project challenges.
  * Understand high-level business, functional and technical solution requirements, and be able to facilitate communication and coordinate discussions that drive decisions at the appropriate stage of the process.
  * Oversee production of project-specific documentation, project plans, requirements and design documents, manage sign off, stakeholder change control and project close out processes.
Ideal Candidate
* Possess a deep knowledge of FISMA, Federal Information Processing Standards, NIST Special Publications, and the NIST Risk Management & Cybersecurity Frameworks. Candidate must be prepared to serve in a subject matter expert (SME) role.
* RSAM experience is preferred, but we can accept similar Governance, Risk and Compliance (GRC) tool suite experience. Examples include RSA Archer and ViewTrust Smart Cert.
* Experience: 5+ years in IT Security/Compliance; broad knowledge of compliance areas is also good (FISMA, HIPAA, SOX, ISO, etc.).
* Experience with vulnerability management tools is good.
* Not necessarily required, but helpful, is a good understanding of SQL.
* General programming skills or at least a familiarity with programming can be very helpful. While you don't need to know how to program to use RSAM, knowing how programming/coding works helps.
