Job Description
General Responsibilities:
- Lead comprehensive risk assessments, vulnerability scans, and security audits across enterprise systems.
- Develop and implement cybersecurity policies, procedures, and incident response plans aligned with NIST, FISMA, and FedRAMP requirements.
- Provide security architecture guidance for IT, cloud, and automation systems to ensure secure design and integration.
- Oversee compliance activities and ensure adherence to federal cybersecurity and privacy regulations.
- Manage incident response, forensics, and recovery coordination, including root-cause analysis and reporting.
- Implement and monitor access control, encryption, and endpoint protection mechanisms to safeguard sensitive information.
- Support security governance, risk tracking, and audit preparation for internal and external assessments.
- Collaborate with IT, data, and automation teams to embed security-by-design principles into all modernization efforts.
- Conduct cybersecurity awareness and training programs to promote a culture of security and compliance.
- Stay current with emerging threats, vulnerabilities, and evolving regulatory standards to continuously improve GWRC s defenses.
Minimum Qualifications:
- Education: Bachelor s or Master s degree in Cybersecurity, Information Assurance, Computer Science, or related discipline.
- Experience:
- 7 10 years of experience in cybersecurity operations, governance, and risk management.
- Proven track record conducting enterprise security assessments, compliance audits, and incident response.
- Experience advising large-scale IT or government programs on security architecture and mitigation strategies.
Technical Expertise:
- Strong understanding of NIST SP 800-53/171, FedRAMP, FISMA, CIS Controls, and Zero-Trust Architecture.
- Proficiency in SIEM tools (Splunk, Microsoft Sentinel), vulnerability management tools (Nessus, Tenable, Qualys), and endpoint security (CrowdStrike, Defender).
- Hands-on experience in cloud security (AWS, Azure, or GCP), IAM, PKI, firewall configuration, and network security.
- Familiarity with incident detection, SOC operations, and digital forensics tools.
Preferred Certifications:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)
- CompTIA Security+
- Certified Ethical Hacker (CEH)
- AWS Certified Security Specialty or Microsoft Certified: Cybersecurity Architect Expert (SC-100)
- Certified Cloud Security Professional (CCSP)
- NIST Risk Management Framework (RMF) Practitioner or ISO 27001 Lead Implementer
Job Tags