Listing Description
Job Description:
XOR Security is currently seeking a Governance, Risk and Compliance PM. The ideal candidate will lead the team in the performance of Assessments & Authorization (A&A), Information Security Continuous Monitoring (ISCM), and Ongoing Authorization (OA) activities for a government Agency. Emphasis will be placed on ensuring that the Policy & Planning Branch has a positive and productive working relationship with the internal divisions and external federal partner agencies. The PM must have SME knowledge of all applicable Federal cybersecurity mandates, how and where these mandates tie into Agency orders, policies, instructions, standards, handbooks and guides, and the impact of the security requirements on Agency specific systems and mission. Deep understanding and implementation of NIST guidance in relation to Risk Management Framework (RMF) is critical for success in this position.
*** Hybrid - 2 days a week on site in Washington, D.C.
Required Qualifications:
- 10+ years of experience in cybersecurity, of which at least 3+ years in security, preferably in a GRC role or similar (Technology/IT Audit, Internal Audit, IT Consulting, etc.), leading teams larger than 20 resources.
- Bachelor’s Degree required (Information Technology, Cyber Security, Computer Science, Computer Engineering, or Electrical Engineering).
- CISSP, CISA, CRISC, CISM or other industry-level cyber certification required.
- Demonstrated experience with the development and update of policies to align with OMB, DHS, NIST, CNSS, ICD, Congressional and other cybersecurity mandates and directives.
- Experience with Application Security Audits and Risk Scoring.
- Experience ensuring controls meet legal, regulatory, privacy, policy, standards and security requirements.
- Maintain updated knowledge in the field of risk management and compliance to work efficiently with frameworks including NIST CSF, ISO, NIST 800-137, NIST 800-53, NIST 800-34, etc.
Desired Qualifications:
- Identify and report enterprise security posture and system vulnerabilities using risk analytics, metrics generation, and other techniques as needed.
- Support risk management by maintaining visibility and comprehensive situational awareness of the cyber threat landscape impacting the Agency.
- Reduce cost and optimize agency cybersecurity posture through reduction, reciprocity, and increased automation.
- Deliver measurable cybersecurity milestones and continuous improvement in regulatory and policy alignment with Federal mandates.
- Enhance cybersecurity RMF implementation.
- Lead and coordinate High Value Asset (HVA) program activities.
- Ensure Plans of Action and Milestones (POA&M) coordination and reporting activities are briefed to CFTC leadership as required by Binding Operational Directives.
- Prepare responses to official requests for information from OMB, DHS, or any other agency in regard to Information Security related statistics or data.
- Provide architecture and technical guidance on enterprise-wide cybersecurity programs.
Job Duties Include:
- Support the development and enhancement of security dashboards using a GRC application such as CSAM / eMASS / XACTA repositories to provide role-based views to agency executives, managers, system security officers, and key stakeholders
- Lead a team that manages IT Security Assessment & Authorization (SA&A) packages, in a format agreed upon during A&A project commencement, using automated and manual inputs
- Provide technical guidance and best practices to ensure that the agency achieves maximum value from its IT investments
- Create documentation that outlines how the various dashboards fit together, the analysis that should be performed on each, and what deliverables would allow for appropriate management information and higher-level dashboard creation
- This is a hybrid schedule of telework and onsite; requires onsite at least 3x a week within the DC-metro area. Onsite requirements may change at the client’s discretion.
Closing Statement:
XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.
XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.
Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements - US CITIZENSHIP REQUIRED with no dual citizenship.
Listing Details
- Salary: $150,000 - $185,000
- Citizenship: US Citizen
- Incentives: Not Provided
- Education: Bachelors Degree
- Travel: Not Provided
- Telework: Hybrid Telecommute