Component Cybersecurity Risk Management and Compliance Lead
Company: Rigil Corporation
Location: Springfield, VA 22153
Description:
Role: National Security Systems Cybersecurity Risk Management and Compliance Lead
About Rigil
Rigil is an award-winning, woman-owned, small business that specializes in technology consulting, strategy consulting and product development. We value teamwork and strive to build strong leaders.
Location: Springfield, VA 22150
Job Type: Full Time
Job Description: Areas of responsibility for the lead include, but are not limited to: FISMA Metrics, Reporting, and Continuous Monitoring Support; Risk Management, Compliance, and Oversight Support; and Security Authorization Support. Participate in, plan, and attend various MGMT-HQ Component and DHS Working Group meetings, as required. Provide Risk Management Framework (RMF) support to MGMT-HQ Stakeholders based on internal Component and DHS processes, methodologies, and guidance. Develop and update MGMT-HQ Standard Operating Procedures (SOP), Processes, Work Instructions, and Component-specific templates and documentation. Provide security architectural support and advisement to the government including, but not limited to, system and network security and engineering, Active Directory design and implementation, application integration, and system hierarchy. Leverage the DHS and MGMT-HQ ticketing systems to track MGMT-HQ Security tasking, work requests and projects. All work efforts must be documented within the MGMT-HQ ticketing system. Develop Compliance Dashboards that leverage centralized security authorization data to support analytics for managing and reporting cybersecurity risks. Efforts should be coordinated with the Enterprise Cybersecurity Risk and Analysis Branch to customize reports and dashboards for MGMT-HQ. Attend and support weekly security project and system meetings focused on the FISMA System portfolio and security authorization metrics as identified by the Federal Compliance Manager. Provide regular (weekly) reports summarizing the FISMA System authorization status and adherence to security authorization metrics. The report shall include details of security authorization activities, delays and recommendations for meeting compliance timelines. Additionally, the reports shall summarize the work completed and milestones met, including metrics. Provide weekly/monthly reports in support of general security activities, meeting minutes and user feedback, and propose process improvements accordingly to the Federal Lead. Develop security documentation and provide MGMT Component trainings for various subject areas as requested by the Federal Lead on a schedule or on an ad hoc basis. Provide support for MGMT-HQ quarterly Compliance meetings with the Portfolio Management Division (PMD) and Assessment branches, to include planning of agenda, presentations, and meeting minutes.
FISMA Metrics, Reporting and Continuous Monitoring Support: Provide research and development support of data analytic and data management technologies including those associated with collecting, analyzing, parsing, and reporting large volumes of data that may support the MGMT Component Compliance and DHS CISOD Continuous Monitoring. Represent MGMT-HQ Compliance by engaging and supporting CISOD Working Group meetings.
Provide MGMT Component Security SME inputs to support DHS Department-wide Working Groups with recommendations for improvement of FISMA metrics and continuous monitoring. Analyze continuous monitoring, configuration management, vulnerability management, asset management, software management and self-reported data to identify trends and anomalies in cybersecurity performance and mitigation of risk.
Reporting: Utilize available data analytics tools to create risk models and reports in support of MGMT-HQ. Utilize available tools to create custom dashboards and scheduled reports to support MGMT-HQ Compliance management.
Compile data, organize information, and prepare routine reports per required frequency and ad hoc reports for review and submission by federal staff. Draft analysis findings, presentations, point papers, after action reports, gap analysis, business impact analysis and other analytics documentation as directed. Assist federal staff in identifying reporting processes which can be automated for better efficiency and reduced resource cost. Maintain associated task and request trackers per required frequency.
Risk Management, Compliance and Oversight Support: Provide support for MGMT-HQ security authorizations, the MGMT-HQ inventory, security training and outreach in support of the MGMT-HQ community, and inputs to MGMT-HQ policy, procedures and guidelines. Prepare security authorization packages for Federal Management review and approval. Create authorization memos per MGMT-HQ Component requirements, collect supporting artifacts and documentation, and identify risk weaknesses to present to component management. Develop processes to support the compliance team. Provide input to Federal Compliance management for weekly reporting of the status of predetermined government assessment priorities and deliverables to the Federal CISOD PM/DPM, the Federal Compliance Manager, and the Contractor PM. Provide cybersecurity SME support for programs and systems, including security authorization guidance in support of assessment readiness, risk and threat assessments, and continuous monitoring activities. Inform MGMT-HQ stakeholders of system-related compliance activities, i.e., FISMA scorecard, POA&M resolution issues, and Authority to Operate (ATO), Contingency Plan, Contingency Test Plan and Privacy Threshold Analysis (PTA) expirations. Provide guidance and support to MGMT-HQ Stakeholders in post-assessment POA&M Consolidation and Remediation Plan development for MGMT Systems for Compliance Management approval. Provide quality assurance of all security authorization documentation and other documentation that supports MGMT-HQ Compliance and the FISMA systems. Review, analyze, monitor, and report on DHS MGMT-HQ FISMA Metrics for programs and systems within the portfolio; report any discrepancies to the Federal Compliance Manager, ISSO and ISSM. Develop security authorization packages and other compliance documents to be routed for DCISO and AO approval and signature. Prepare reports on the aggregate risk for systems in supported programs. Provide risk determinations in support of security authorization, weakness remediation, and audit activities.
Attend SDLC/SELC project meetings in support of MGMT-HQ systems, review system business requirements against NIST and DHS security control requirements to identify gaps and discuss solutions/mitigations, risk-rate the identified gaps, and raise risks to the Federal Compliance Manager and Federal Information System Security Manager. Provide review and support to MGMT-HQ system stakeholders as they perform security impact analysis based on changes to information systems. Provide Risk Management Framework (RMF) process and preparation support to system stakeholders; provide guidance on outstanding issues and identified risks to support system readiness for security assessments. Advise and send monthly correspondence to stakeholders on expired and upcoming-expiring Contingency Plan (CP)/Contingency Plan Testing (CPT), Annual Self Assessments, POA&Ms and Privacy documents.
Provide a weekly report on outstanding tickets from the MGMT-HQ tracker. Provide monthly reporting to Federal Management on FISMA Scorecard Metrics for Security Authorization and Information System Compliance Metrics (ISCM) quality issues for systems in the MGMT-HQ portfolio. Review DHS MGMT-HQ FISMA Inventory Change Requests prior to submission to the MGMT Compliance Designee for processing. Attend weekly Compliance Team meetings and provide reports in the approved format on the status of requested FISMA Compliance activities. Provide support to stakeholders, as needed, for updates to Information System Security Officer (ISSO), Information System Security Manager (ISSM), and System Owner Designation Letters. Provide updates to MGMT-HQ. Update all pertinent information for all systems within the designated DHS MGMT-HQ FISMA portfolio repository. Develop and update relevant MGMT-HQ FISMA Compliance SOPs on a quarterly basis. Provide guidance and support for all assigned security authorization activities. Prepare and deliver all requested security authorization artifacts and reports. Review and analyze DHS policy to identify discrepancies. Update and maintain task and project status on the DHS Headquarters Compliance Team SharePoint Site daily or as directed by the Federal Compliance Manager. Review and analyze Department Reports and notify (weekly, unless directed otherwise) the ISSM, ISSO and Compliance Manager of deficiencies.
Weakness Management Support: Develop, maintain and update MGMT-HQ POA&M procedures to review POA&M weakness remediation activity for effectiveness and quality. Develop MGMT-HQ documentation and provide trainings for various subject areas as requested by the Federal Lead on a schedule or on an ad hoc basis. Manage and track the MGMT-HQ POA&M Internal Review Board (IRB) meeting activities. Plan, host and provide meeting minutes and action items for POA&M meetings held with Stakeholders. Manage and update Remediation Plan Guidance, SOPs, Trainings and Templates. Report weekly and monthly with a summary of IRB progress as defined by the Federal POA&M Lead. Review POA&M quality against quality metrics to ensure accurate entry into the DHS FISMA Compliance Tool and track remediation action on POA&Ms to completion. Be able to read and review vulnerability and compliance scans and remediation artifacts to determine if the weakness has been mitigated or resolved. Review, route, process, and upload (in the DHS FISMA Compliance tool) all approved MGMT-HQ waivers and risk acceptance documentation. Review and approve all MGMT-HQ POA&M closures.
Ongoing Authorization Security Services: Provide guidance and support to all MGMT-HQ systems on Ongoing Authorization (OA) processes and procedures. Review MGMT-HQ OA documents and develop the OA Submission package and its contents. Conduct monthly reviews of OA systems to ensure they are meeting OA program requirements. Organize, prepare, participate in, and sometimes run the monthly Organizational Risk Management Board (ORMB) meeting, including release of meeting minutes to attendees. Validate that the System Motives are accurate and correspond to the annual OA assessment frequency requirements. Conduct annual assessments as required for OA systems. Ensure the MGMT-HQ OA Program strictly abides by the DHS Ongoing Authorization Methodology. Draft and propose Standard Operating Procedures (SOP) as requested by the government, and review/update all SOPs annually.
Minimum Qualifications: Bachelor's Degree in Computer Science or a related field. Minimum 10 years of relevant experience. Must hold an active SECRET security clearance.
Flexible work from home options available.
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.
Rigil Corporation
About Rigil
Rigil is an award-winning, woman-owned business that specializes in technology consulting, strategy consulting and product development. We value teamwork and strive to build strong leaders.