Information Risk Manager
Phase One Consulting Group is seeking an Information Risk Manager with previous experience strengthening the security of enterprise IT systems for a Federal government agency. This role is responsible for identifying, analyzing and recommending remediation strategies for information technology and information security risks.
The Information Risk Manager will be expected to develop actionable strategies to address overall risk to systems and information introduced through recommendations to IT systems owners and management. In addition, the Information Risk Manager will support the design and implementation of an Information Security Continuous Monitoring program.
This position requires hands-on technical expertise to assess how threats will manifest and how to prioritize the deployment of effective defenses. Candidates must understand NIST documents such as SP 800-30, SP 800-37, SP 800-53 revision 4, SP 800-39 and SP 800-137. The ideal candidate is able to understand the threats and vulnerabilities associated with the system or network, identify the likelihood of a threat exploiting a vulnerability, work with the information system owner to determine the impact to the organization if the data were compromised, and develop mitigation strategies. Lastly, the Cybersecurity Analyst ensures that documentation is accurate and complete. The individual should have strong communication skills and be willing to take initiative in a dynamic, client-facing environment.
- Analyze information across mission areas to capture key areas of intake, processing and dissemination
- Provide appropriate FIPS 199 impact level designations and identify appropriate security controls
- Design and implement an Information Security Continuous Monitoring strategy
- Tailor security controls and design security solutions that scale based on mission needs, organization size and federal requirements
- Prioritize and apply OMB and FISMA mandates, DHS directives and NIST best practices based on mission needs and organization size
- Conduct Security Impact Analyses (SIAs) that articulate risk and recommendations
- Perform routine vulnerability scanning, analysis of results, and prioritize recommended remediation
- Research alternatives and recommend alternative solutions for information security problems based on experience and security best practices
- Minimum 8 years of experience in Information Security, with a concentration in Federal government environments
- Detailed understanding of OMB and FISMA mandates, DHS directives and NIST best practices surrounding Information Security
- Understanding of Network, Platform and Application Layer Security implementations
- Sound understanding of all FIPS and NIST Special Publications, including FIPS 199, 800-18, 800-30, 800-37, 800-39, 800-53, 800-60, 800-100, 800-115 and 800-137
- Familiarity with common Security tools – Multi-Factor Authentication, SIEM, NAC, Web Application Firewall, MDM, Nessus, Retina, ForeScout, App Detective, DB Protect, Fortify, Hailstorm, Microsoft Active Directory & Group Policy, etc.
- Excellent oral and written communication skills
- Candidates must be able to work on-site at a Federal agency located in McLean, VA, and must possess an active, recent (within the past 3 years), favorably adjudicated U.S. Federal government clearance (National Public Trust or higher)
- Bachelor's degree in Information Systems, related discipline or equivalent experience
- CISSP, CISM, or similar industry certification preferred
Meet Some of Phase One's Employees
VP, Services Division
As the chief coordinator of Phase One’s Services Division, Jodi’s responsible for transforming the productivity of federal agencies with the most efficient and modern technologies and support.