Chenega Corporation Cyber Risk Analysis SME in Washington, District Of Columbia
Cyber Risk Analysis SME
Washington, DC Join our Talent Network
TheCyber Risk Analysis Subject Matter Expert shall work on establishing or enhancing the process to support activities in the areas of Cyber Risk Management.
Duties and Responsibilities:
• Engage in roles and responsibilities of critical agency stakeholders, users, and authorities.
• Utilize the Analysis-of-Alternatives process for selecting the tools to be used to support cyber risk efforts within the Treasury Department.
• Develop a process for integrating Treasury Department risk analysis tools and how they shall be utilized to prioritize cyber risks.
• Develop a process for the identification of cyber risk that could stem from vendors, misconfiguration, threats, and/or compliance requirements.
• Develop a process for educating Bureaus on CSRO and the associated cyber risks.
• Develop a process for communicating specific cyber risks to leadership and/or cyber risk stakeholders.
• Develop a process and estimated schedule for program implementation.
• Utilize Work Breakdown Structure (WBS) for program development and implementation.
• Known challenge areas/best practices related to developing and implementing a cyber risk program.
• Provide program management for implementation and maintenance of identified risk management activities, ancillary support services, or any other activities awarded via this task order to the respective contractor (contractors shall not have oversight responsibilities of other contractors).
• Knowledge transfer activities to ensure the adequate transition of risk management efforts to federal leads.
• Shall make available identified artifacts developed during the performance of all tasks under this task order.
• Provide traceability for program requirements across the lifecycle from collection to implementation.
• Identify and recommend solutions to enhance and optimize supported risk management functions.
• Develop meeting summary reports following the attendance of formal recurring, scheduled, and ad hoc meetings.
• Provide management services to interface with the federal PMs and/or COR and plan, organize, manage, staff, and control all work awarded to the contractor under the contract.
• Refine, document, and maintain the relevance and applicability of the ACIO/CS risk management artifacts, including Quality Assurance and Quality Control, processes, and procedures, and maintain within the approved Treasury Department shared document repository.
• Prepare contract deliverables by the contract data Requirements/deliverables list.
• Address questions from internal and external audits and examinations.
• Facilitate IT security/risk training curriculum.
• Serve as project manager/lead within IT security projects.
• Complete annual company and customer-required training, as required.
• Complete the timesheet daily in the online system according to company policies and procedures.
• Travel up to 10% as required.
• Other duties as assigned.
Minimum Qualifications: (To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.)
• Bachelor’s degree.
• 7+ years of cybersecurity and/or cyber analyst work experience is required
• Position requires senior-level technical expertise with specialized experience in cybersecurity and interoperability for complex hardware, software, and automated information systems.
• Must be a U.S. citizen or lawful permanent resident alien with 3+ years of U.S. residency from the legal entry date into the United States
• Public Trust is required and must have the ability to obtain and maintain a favorable Department of Treasury background investigation for the life cycle of the project
• The position requires a COVID vaccination or an approved accommodation/exemption for a disability/medical condition or religious belief.
Knowledge, Skills, and Abilities:
• Possess experience in the subject matter at a similar size, scope, and complexity as required by this task order.
• Experience with Enterprise Cyber Risk management or Supply Chain Risk Management.
• This individual should have knowledge, skills, and abilities in one or more of the following Cybersecurity Concepts, Risk Management Framework, FAIR, Federal Supply Chain requirements, Vendor Risk Assessment Analysis, Cyber Security Framework, and Cyber Risk Prioritization methodologies.
• Ability to capture high-level technical information clearly and concisely.
• Possess strong communication and organization skills.
• Be highly motivated, independent thinker, and team player, with a sense of urgency, and the ability to meet management and customer deadlines in a fast-paced environment.
• Must have the ability to communicate with others effectively both orally and in writing.
• Must have the ability to attend all customer in-person meetings and conferences as requested.
• Ability to multi-task in a high-stress, performance-based environment.
• Ability to establish priorities and meet established deadlines.
• Maintain a high level of integrity and accountability.
• Possess strong problem-solving and leadership skills.
• Ability to work nights, weekends, and holidays as needed.
• Ability to travel up to 10% as required.
Join our Talent Network