Full Job Description
Steel Point Solutions is an amazing SBA Certified (8a), HUBZone, Small Disadvantaged Business (SDB) and a Woman Owned Small Business (WOSB) company. It was established in 2013 with a vision of offering world class, integrated business solutions for all levels of Government and commercial enterprises. We are represented by a team of talented and qualified professionals who know how essential efficient, cost-effective integrated solutions are to your organization's success. Leveraging these resources, we strive daily to lead the industry in program management and service delivery.
This is a project-based position.
Steel Point Solutions is seeking a Risk Management Framework Consultant to join our professional consulting delivery team staffed by a dedicated group of information security subject matter experts that pride themselves on providing the very best services to our diverse customer base. Steel Point is looking for a highly qualified individual that can bring their expertise, leadership and knowledge to both help our team grow and to help us service numerous clients within the Defense Industrial Base.
Along with billable consulting, this role will require strong soft skills. The candidate should possess excellent customer service skills, excellent organizational skills, problem-solving skills, and solid report writing abilities.
Assessing the security posture of managed service customers
Conducting gap and risk assessments and providing recommendations to enhance the security posture of our customers' information systems.
Providing technical and thought leadership and developing security programs and information security policy.
Performing risk assessments and gap assessments for identified customers
Drafting security standards, policies, processes, and guidelines in compliance with NIST 800-171
Advising the security leadership and relevant staff of identified customers on risk management issues and providing recommendations, guidance, and support relevant to agency implementation
Coordinating with business units and other stakeholders across the organizational matrix (including technology, legal, risk, compliance, and ecosystem partners) to assess, implement, and monitor security risks and mitigations
Assessing information systems for compliance with the NIST RMF and the associated security controls
Conducting system security categorizations, security control assessments, and risk assessments, and providing recommendations to enhance the security posture of the information system
Drafting agency specific policies, procedures and templates to allow thorough and accurate control assessments, risk analysis, and final documentation
Creating relevant training materials for customer repository
Developing Plans of Action and Milestones (POA&Ms) and technical implementation roadmaps to assist customers with creating a robust security and cloud environment
Providing guidance and expertise for proposed network security architecture projects
Contributing to the advancement of the security monitoring program through thought leadership and guidance on tools, technologies, and processes that provide automated and proactive detection and prevention
Developing and improving process/procedure manuals and related documentation
Bachelor's Degree in Information Technology, Information Systems Security, Cybersecurity, or related field, or ten years of related experience in lieu of degree
Minimum Work Experience
8+ years of relevant consulting or industry experience
5+ years of information security and controls experience (NIST, ISO)
4+ years of experience in cybersecurity documentation and system authorization artifacts (System Security Plan, lifecycle documentation, continuous monitoring plan, Security Assessment Plan, Security Assessment Report, Risk Assessment, etc.)
Demonstrated responsibility for on-time delivery of all in-scope deliverables
Experience conducting risk assessments and gap analyses
Experience leading risk assessments, audits, policy, governance, and/or reporting, preferably within the Defense Industrial Base
Excellent written and verbal communication and presentation skills; interpersonal and collaborative skills; and the ability to communicate information risk-related concepts to technical as well as nontechnical audiences
Exposure to multiple security domains: risk, operations, architecture, exercises, training, etc.
Ability to work independently to determine and develop a risk assessment approach to proposed new agency solutions, only needing review upon completion for adequacy in meeting objectives
Ability to interpret and provide consulting on the development of security guidance, complex system security requirements, and serve as a RMF SME at key stakeholder meetings
Breadth of knowledge across many cybersecurity frameworks and standards with implementation experience in at least one (e.g. NIST CSF, NIST RMF/800 series, ISO/IEC 27001/2, OWASP, MITRE ATT&CK framework, SANS CIS, etc.)
Knowledge of NIST 800-53, NIST 800-171, and FedRAMP cloud security
CISSP, CMMC Registered Practitioner, C&A, RMF, Continuous Monitoring, CISSM, CAP, CISA, or CERP certification
5+ years in reviewing, analyzing, and documenting the secure implementation of logical controls, physical controls, environmental controls, personnel security and incident handling
4+ years in cybersecurity domains inclusive but not limited to: advanced threat readiness and protection, application protection, identity and access management, cloud security, incident response, information privacy and protection, cyber risk analytics and vulnerability management
Demonstrated experience conducting security control assessments (e.g. Security Impact Analysis, Business Impact Analysis) independently
Experience with CUI classification and NARA regulations for protection of CUI data
Critical thinking/analytical skills, creativity, proven drive for quality, and excellent technical oral and written communication skills
Migrating systems from on-prem to cloud
Strong organizational skills and an ability to stay focused while managing multiple tasks concurrently
Proficient knowledge and experience with Microsoft Office products, including Word, PowerPoint, Excel, and SharePoint.
Prior experience supporting government agencies is a plus
Understanding of federal government business processes supporting IT programs, networks, and/or cybersecurity programs
Note: This is primarily a remote position. However, based on client or project needs, occasional travel to the Headquarters office or a client site may be required.
Steel Point Solutions, LLC is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.