Gray Tier Technologies

Information Security Specialist, Junior

Full-Time in DC, US - Mid Level

Gray Tier Technologies is seeking an Information Security Specialist with an active Secret-level clearance to support our DOI OCIO Cybersecurity Branch.

  • 1-3 years of experience required
  • Bachelor’s degree (BA/BS) required
  • Manages extensive evaluations of enterprise-wide information security networks, prepares evaluation reports, presents recommendations.
  • Conducts trade-off analyses of products to determine optimal information security solutions.
  • Provides consulting services on a wide variety of information assurance topics.
  • Provides recommendations on information assurance engineering standards, implementation dependencies, and changing information assurance-related technologies.
  • Prepares remedial options and supervises correction of information security shortfalls.
  • Works independently and provides leadership across cybersecurity team in expert role.
  • Maintains expertise in evolving cybersecurity threats.
  • Cybersecurity certification and two additional years of experience can substitute for bachelor’s degree.

Job responsibilities may include:

  • Facilitate development and communication of agency-wide policies and guidance for implementation of emerging mandates and other government-wide initiatives related to Cybersecurity Risk Management (i.e., Cybersecurity & Infrastructure Security Agency (CISA) Directives and Office of Management and Budget (OMB) Mandates)
  • Develop and support processes for consolidating DOI-wide Cybersecurity risk information and incorporating into the DOI Enterprise Risk Register.
  • Update and maintain DOI-wide Cybersecurity Risk Management Strategy and Guidance documentation (e.g., Cyber Risk Strategy, Continuous Monitoring Strategy, C-SCRM strategy, etc.)
  • Develop and maintain processes to enable Cybersecurity Risk analysis from an agency-wide perspective. This includes but is not limited to IT hardware and software vulnerabilities, exceptions to egress network access and filtering policies, IT acquisitions, and exceptions to required DOI IT configuration management standards.
  • Support development, maintenance and tracking of DOI enterprise C-SCRM implementation plan.
  • Develop and maintain Standard Operating Procedures (SOPs) and required supporting materials for C-SCRM program operations. Examples include but are not limited to:
      • Enterprise Cybersecurity Supply Chain Risk Assessment Standards
      • Processes for integrating/tracking C-SCRM data in the DOI Cybersecurity GRC tool (Xacta360 or similar)
      • C-SCRM Control Implementation Standards
      • C-SCRM Planning guidance
      • Counterfeit Detection Reference Guide
  • Support development and management of agendas for monthly and ad-hoc DOI C-SCRM working group meetings.
  • Support development and management of agendas for monthly DOI HVA Program Managers working group meetings.
  • Develop and maintain SOPs and required supporting materials for HVA Program Operations. Examples include but are not limited to:
      • DOI HVA Program Managers Handbook
      • HVA Identification and Prioritization
      • Annual HVA Data Collection and Reporting
      • HVA Assessment Planning Guidance and Checklists
  • Support HVA Data Collection and Reporting Processes:
      • CISA BOD-18-02 data call (annual)
      • HVA FISMA Metrics (quarterly)
      • Federal Information Technology Acquisition Reform Act (FITARA) (annual)
      • CISA HVA Vulnerability Remediation Status Reports (monthly)

Deliverables for Cybersecurity Risk Management Program Support include, but are not limited to, the following:

  • Agency Cybersecurity Policy, Strategy, Guidance and Process documents
  • Cybersecurity Risk Management presentations and training documents
  • Cybersecurity Project Management Plans
  • Quarterly/Annual HVA and other Cybersecurity Compliance Reports
  • Meeting agenda and logistics plans
  • Risk Analysis/Assessment Reports
  • Cybersecurity Risk Registers