National Security Systems Cybersecurity Risk Management and Compliance
Company: Rigil Corporation
Location: Springfield, VA 22153
Description:
Role: National Security Systems Cybersecurity Risk Management and Compliance Lead
About Rigil: Rigil is an award-winning, woman-owned, small business that specializes in technology consulting, strategy consulting and product development. We value teamwork and strive to build strong leaders.
Location: Springfield, VA 22150
Job Type: Full Time
Job Description: The NSS Cybersecurity Risk Management and Compliance Lead shall have sufficient corporate authority to direct, execute, and control all contractor staff and subcontractors providing support services. The lead is responsible for the quality of all required deliverables and for monitoring the performance of their staff. Areas of responsibility for the lead for NSS systems include, but are not limited to:
Security Architecture and Design for NSS Systems
NSS Security Engineering Support
NSS Governance, Risk, and Compliance (GRC) Support
Security Architecture and Design: Document any changes to, and recommend any future updates to, architecture and design documents by staying abreast of trends and technological advancements. Develop processes and procedures for the continuous monitoring of software, systems, and devices on the DHS networks to ensure visibility and provide actionable information. Review trends and advancements in technology (e.g., Internet of Things (IoT), artificial intelligence (AI), quantum computing) as they apply to cybersecurity and create white papers, as requested. Develop draft guidance and policy surrounding the implementation of virtual and cloud environments. Develop and inventory automation, scripts, and queries to organize, extract, and present data in support of the architectural role. Provide architecture subject matter advisement to the Government including, but not limited to, cybersecurity and engineering principles and the design and implementation of National Security Manager guidance. Review, analyze, and provide feedback on the system architectures of various NSS systems that fall under DHS and Component purview. Analyze continuous monitoring, configuration management, vulnerability management, asset management, software management, and self-reported data to identify trends and anomalies in cybersecurity performance and the mitigation of risks. Develop Security Impact Analysis (SIA) reports as a result of analysis performed under the security architecture role. Provide responses in support of audits. Examples of audits are FISMA evaluations, Financial Internal Control audits, and audit requests received from the General Accountability Office (GAO) or Office of the Inspector General. Create presentations/briefs relating to the security architecture, as required. Document information security, cybersecurity architecture, and systems security engineering requirements.
NSS Security Engineering Support: Provide security engineering support, including the analysis, documentation, and reporting of various security engineering processes as they relate to national security systems and cybersecurity acquisitions. Draft and maintain Standard Operating Procedure documents for processes internal and external to the Branch. Analyze continuous monitoring, configuration management, vulnerability management, asset management, software management, and self-reported data to identify trends and anomalies in cybersecurity performance and the mitigation of risks. Develop processes and procedures for the continuous monitoring of software, systems, and devices on the DHS networks to ensure visibility and provide actionable information. Review, analyze, and manage DHS NSS Performance Plan Metrics for assigned programs and systems; report any discrepancies to the Federal Compliance Manager, Information Systems Security Officer (ISSO), and Information Systems Security Manager (ISSM). Provide responses in support of audits. Examples of audits are FISMA evaluations, Financial Internal Control audits, and audit requests received from the General Accountability Office (GAO) or Office of the Inspector General. Review system design, architecture, and interconnection documents and diagrams. Create Security Impact Analysis Reports as a result of analyses performed under the security engineering role. Create presentations/briefs relating to security engineering, as required.
NSS Governance, Risk, and Compliance (GRC) Support: Adhere to all CONOPS and DHS NSCD procedures and guidance (CNSS, NIST, and DHS 4300B Security Policy) when performing NSS compliance activities/reporting. Manage the reporting of cybersecurity compliance events that affect DHS NSS. The contractor shall actively develop, enhance, automate, and support the continuous/compliance monitoring and reporting activities related to DHS NSS Scorecards and other official NSS reporting (both internal and external to DHS, e.g., National Security Manager reporting). The contractor shall work with DHS Components, contractors, or other organizations within DHS to assess and evaluate the DHS NSS footprint by providing cyber risk recommendations associated with DHS NSS. Produce analysis and reporting in support of cyber risk compliance activities and activities stemming from Cybersecurity Supply Chain Risk Management (C-SCRM) requests for assessments. Create and maintain documentation from all NSS-related compliance activities, to include any incoming DHS Chief Information Security Officer (CISO) and DHS Information and Analysis (I&A) requests for information. Maintain an up-to-date list of Department, Component, and relevant cybersecurity NSS POCs on the designated website. Utilize the DHS NSCD-authorized compliance tracking system(s) to track approvals, compliance activities, and reporting. Compliance reports shall be in business language and effectively communicate the effect on the mission, what assets were evaluated, what the resultant cyber risk recommendation was, and the plan to mitigate any resultant cyber risk issues. Conduct research on cyber threats, assess the protections in place to mitigate them, and determine and document the risks associated with the affected DHS NSS asset in the corresponding Risk Assessment Report. Keep the DHS CISO and other key stakeholders informed of matters concerning the DHS NSS security posture. Serve as an advisor to DHS NSCD Government personnel who represent DHS to external Government Agencies and National Security forums and discussions, as they relate to DHS NSS compliance activities. Conduct weekly/monthly POAM monitoring and review to ensure mitigation due dates do not expire, and work with system owners, ISSOs, and other system security representatives to ensure timely POAM closures. To be determined at the order level. Support any internal and external audits of the DHS NSS environment. Provide analysis and feedback on DHS security artifacts when assigned to NSCD, including but not limited to Memoranda of Understanding (MOU), Memoranda of Agreement (MOA), and Interconnection Security Agreements (ISA). Provide responses in support of audits. Examples of audits are FISMA evaluations, Financial Internal Control audits, and audit requests received from the General Accountability Office (GAO) or Office of the Inspector General. Support the development and update of DHS NSS Information Safeguarding and Risk Management Council (ISRMC) coordination meeting artifacts, governance processes, and procedures.
Minimum Qualifications: Bachelor's Degree in Computer Science or a related field. Minimum 10 years of relevant experience. Must hold an active TOP SECRET security clearance.
Flexible work from home options available.
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.
Rigil Corporation
About Rigil
Rigil is an award-winning, woman-owned business that specializes in technology consulting, strategy consulting and product development. We value teamwork and strive to build strong leaders.