Title: Sr. Enterprise Governance Risk and Compliance (eGRC) Specialist (HRSA_7A)
Location: Rockville, MD (50% remote after 90 days)
CyberData Technologies, Inc., an established technology solution provider based in Herndon, Virginia, is looking to expand its growing team. We are an industry leader in data warehousing and business intelligence for both government and commercial clients. CyberData ranked 30th among the Fastest Growing Federal Contractors in the Washington Technology Fast 50 and is an Inc. 500 company. Our employees are our greatest assets and we are committed to their professional development and growth. We provide competitive salaries, bonuses, generous benefit packages, and paid time off to balance work and personal commitments.
CyberData Technologies, Inc. is currently hiring an experienced Enterprise Governance Risk and Compliance (eGRC) Specialist for our federal client located in Rockville, MD. The Specialist will be tasked with a variety of assessment and analysis duties, including:
- Assist in the integration of security assessment and authorization (SA&A)
- Assist in driving high-profile and high-impact projects involving complex eGRC and risk management challenges.
- Perform gap assessments between security and risk leading practice frameworks and clients' risk and control frameworks, and advise on remediating gaps.
- Work in teams to design and establish or transform IT risk management, governance, and compliance programs based on clients' business structures, strategies, and priorities.
- Advise on, develop, and implement processes around risk identification, assessment, and remediation, including issues management, exception management, vendor risk management, policy management, and security incident and vulnerability response.
- Advise on, and assist clients to implement eGRC platforms and solutions.
- Develop training materials and other communications to increase employee understanding and awareness of security and risk issues.
- Translate business requirements into technical requirements.
- Communicate eGRC technology capabilities into business terms for stakeholders.
The EGRC Specialist will also be tasked with a variety of assessment and analysis duties, with at least 7-10 years' experience with:
- Overseeing the development of authorization packages, approximately 20 annually. The contractor will be responsible for reviewing the authorization package prior to submission to the federal risk management lead.
- Developing guidance documentation and templates to assist Information System Security Officers and corresponding support staff with meeting SA&A requirements.
- Serving as a Subject Matter Expert for the HRSA eGRC solution. FISMA Analysts will be responsible for performing the following activities associated with the HRSA eGRC solution:
  - Creating records for information systems and components
  - Monitoring information systems and components to ensure all required information is documented
  - Provisioning accounts for new users and managing permissions for existing users
  - Training new users
  - Providing assistance for all users
- Assisting with continuity of operations/contingency planning at the system level as well as HRSA-wide in compliance with NIST and HHS guidance. FISMA Analysts will provide oversight for system-level contingency planning and testing activities.
- Assisting in developing and maintaining security policies, procedures, standards, guidelines and technical reports.
- Reviewing HHS policy and NIST documentation and providing feedback.
- Developing executive briefing books and other supporting reports. The Specialist shall work with federal staff to obtain information for executive briefing books and other supporting reports and consolidate as needed.
- Ensuring that HRSA systems are in compliance with OMB Circular A-130, Federal Information Security Management Act (FISMA) and other federal laws and regulations, FIPS Standards, NIST guidance, as well as HHS and HRSA directives.
- Working directly with System Owners and Information System Security Officers to provide Security Assessment and Authorization (SA&A), eGRC tool assistance, and disseminate guidance from the HRSA Office of Information Security and Privacy (OISP).
- Serving as a Subject Matter Expert for SA&A requirements and working with Information System Security Officers to ensure that SA&A requirements meet HHS and HRSA standards. FISMA Analysts will be responsible for reviewing, at a minimum, the following SA&A requirements:
- FIPS 199 Security Categorization
- Privacy Impact Assessment
- System Security Plan
- E-Authentication Threshold Analysis/Risk Assessment
- Risk Assessment
- Plan of Action and Milestones
- Configuration Management Plan
- Contingency Plan
- Contingency Plan Test
- Security Assessment Report
- #1 requirement is strong skills in the RSA Archer EGRC platform.
- Outstanding writing and verbal communication skills
- Federal security experience in risk management and other security areas
- Experience in IT Security/FISMA Risk Management Framework to lead the development and writing of policies, procedures, templates and guidance
- Play an active role in managing the security authorization process
- Revamp security and privacy policies and support the team in developing and writing SOPs and Guides
- Experience leading the risk management team in reviewing documents from customers and working in a support role with the system owners and ISSOs
CyberData Technologies, Inc., is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.