Note: The job is a remote job and is open to candidates in USA. Concept Plus is a growing consulting firm headquartered in Fairfax, VA, seeking a Cybersecurity Policy and RMF Analyst. The role involves providing Risk Management Support to identify shortfalls in the assessment and authorization process, tracking and managing Risk Assessments, and implementing a Risk Management strategy.
Responsibilities
- Adhere to the DoD cybersecurity policy requirements set forth in DoDI 8500.01, "Cybersecurity," and DoDI 8510.01, "Risk Management Framework (RMF) for DoD Information Technology (IT)" and their successors
- Monitor identified risks and track response actions to ensure they support the customer Risk Management Strategy and are properly documented in a risk registry
- Provide recommendations to business and IT leaders on best business practices followed in the industry to mitigate or remediate risks · Schedule, conduct, and track RMF validations for each IT Portfolio
- Review of security controls, as part of a risk assessment, as needed to support an Authorization to Operate (ATO) of an investment
- Review vulnerabilities and identify potential risks based on the type of vulnerability and the potential impact
- Identify actions needed to protect information flows to ensure adherence to legal and regulatory standards
- Coordinate the development of plans and procedures to ensure that business-critical services are recovered in the event of a digital risk event. · Facilitate and support the development of asset inventories, including digital assets in cloud. · Track all technology requests
- Track open vulnerabilities and provide a status on each open risk for each IT Portfolio / Investment. Ensure POAMs are current and reflects all known weaknesses
- Stay up-to-date with the latest Azure and FedRAMP regulatory changes and industry trends, advising teams on potential impacts and necessary adjustments
Skills
- US Citizenship
- Active DoD Secret Clearance (or able to obtain)
- Bachelor's Degree in an IT related field
- Meet DoD 8570 Information Assurance Technician (IAT) Level II or Higher (Sec+ CE or Higher)
- 3+ Years Experience with the Risk Management Framework Process
- 3+ Years Experience operating the Enterprise Mission Assurance Support Service Application (eMASS)
Benefits
- Competitive pay
- Comprehensive health insurance
- Dental and vision insurance
- Paid life insurance
- Paid time off
- 11 paid holidays
- Bonuses
- Tuition reimbursement
- Unlimited training
- Opportunity to work in a collaborative, flexible, innovative environment
Company Overview