Information Systems Security Auditor
Falls Church, Virginia - United States
contact recruiter for details
WHY IS THIS A GREAT OPPORTUNITY?
Location: Falls Church, VA
Seeking a professional and experienced CERT-RMM Information System Security Auditor to join our team. The chosen candidate will manage the evidence submission process and the storage of submitted work products. The candidate will serve as the CISO's Cybersecurity SME on the CERT-RMM appraisal process.
- Reviewing and validating correctness, relevancy, and completeness of work products (a.k.a. objective evidence) generated by various CISO teams demonstrating that they have instantiated one or more of the 540 CERT-RMM practices. Categorizing instantiation of each of the RMM practices on an FI/LI/PI/NI scale (NI=not implemented, PI=partially implemented, LI=largely implemented, FI=fully implemented).
- Reviewing and validating correctness, relevancy, and completeness of work products (a.k.a. objective evidence) generated by various CISO teams demonstrating that they have addressed (implemented) one or more of the 600+ improvement recommendations (a.k.a. RAW recommendations). Categorizing each recommendation either as completed or not.
- Updating the value of the CISO's Cybersecurity Program Progress Metric (CPPM) on a weekly basis.
- Certified as either an SEI-Certified CERT-RMM Lead Appraiser or a Certified SCAMPI Lead Appraiser (CMMI for Services)
- Complete the Software Engineering Institute's (SEI) Introduction to the CERT Resilience Management Model training course (3 days)
- Considered a Cybersecurity subject matter expert (SME)
- Possess the highest level of integrity with superior customer service skills
- Previous hands-on experience with CERT-RMM
- CERT-RMM and/or CMMI appraisal experience
- Familiarity with postal mail processing operations
- Familiarity with postal digital environments (both enterprise IT environment and mail processing environment)
- Over 8 years’ experience working as an Information Systems Auditor for an information technology, information assurance, or information management program
- Bachelor's degree (required) or Master's degree, PhD or JD in a technical specialty such as cyber security, computer science, management information systems or related IT field.
- Certification in one or more of: Systems Security Certified Practitioner (SSCP), CompTIA Security+, GSNA (GIAC Systems & Network Auditor), CISA (Certified Information Systems Auditor)
- Demonstrable experience across a broad spectrum of cybersecurity tools
- US Citizenship status and Active DoD Secret Clearance
University - Bachelor's Degree/3-4 Year Degree