Cybersecurity Specialist

Position Summary

The Cybersecurity Specialist will play a critical role in evaluating, managing, and strengthening cybersecurity controls to ensure compliance with federal regulations, including NIST 800-53 v5 and NIST 800-37. The ideal candidate will have expertise in conducting security control assessments, supporting the Risk Management Framework (RMF) process, and managing the Security Assessment and Authorization (SA&A) lifecycle. This position requires extensive experience in federal government and financial services environments, with a deep understanding of FISMA compliance and privacy controls.

Key Responsibilities

• Perform detailed control assessments in accordance with NIST 800-53 v5 and NIST 800-37, ensuring compliance with FISMA requirements.
• Lead and manage the Security Assessment and Authorization (SA&A) process, including documentation, evidence collection, and validation of control effectiveness.
• Support the implementation and ongoing maintenance of the Risk Management Framework (RMF), ensuring all steps are completed accurately and on schedule.
• Evaluate and document security and privacy controls for federal government and financial services environments.
• Conduct system security assessments and develop artifacts such as System Security Plans (SSPs), Security Assessment Reports (SARs), and Plan of Action and Milestones (POA&Ms).
• Collaborate with cross-functional teams to identify and mitigate cybersecurity risks, providing recommendations for improving compliance and security posture.
• Analyze, report, and communicate assessment findings to stakeholders, including senior management and external auditors.
• Stay updated on evolving federal cybersecurity standards, frameworks, and best practices to ensure client systems remain compliant.
• Provide guidance on privacy requirements and their integration with security controls.

Qualifications

Required Experience and Skills:

• MUST BE A U.S. CITIZEN
• 5-7 years of experience performing cybersecurity control assessments, with expertise in federal government and financial services sectors.
• Deep knowledge of NIST 800-53 v5 and NIST 800-37, including control families, privacy controls, and compliance requirements.
• Experience with FISMA compliance and the ability to perform assessments in federal environments.
• Proven expertise in the Risk Management Framework (RMF) process and SA&A lifecycle, including the development of security artifacts.
• Familiarity with privacy regulations and their implementation within security programs.
• Strong understanding of security assessment tools, methodologies, and reporting.
• Exceptional analytical, documentation, and communication skills, with the ability to present complex findings clearly to stakeholders.
• Bachelor’s degree in Cybersecurity, Information Technology, or related field.

Preferred Qualifications:

• Certifications such as CISSP, CISM, CAP, or CRISC.
• Experience working with financial services regulatory frameworks, such as PCI-DSS, SOX, or GLBA.
• Familiarity with vulnerability management tools and techniques.