Job Description

General Responsibilities:

• Lead comprehensive risk assessments, vulnerability scans, and security audits across enterprise systems.
• Develop and implement cybersecurity policies, procedures, and incident response plans aligned with NIST, FISMA, and FedRAMP requirements.
• Provide security architecture guidance for IT, cloud, and automation systems to ensure secure design and integration.
• Oversee compliance activities and ensure adherence to federal cybersecurity and privacy regulations.
• Manage incident response, forensics, and recovery coordination, including root-cause analysis and reporting.
• Implement and monitor access control, encryption, and endpoint protection mechanisms to safeguard sensitive information.
• Support security governance, risk tracking, and audit preparation for internal and external assessments.
• Collaborate with IT, data, and automation teams to embed security-by-design principles into all modernization efforts.
• Conduct cybersecurity awareness and training programs to promote a culture of security and compliance.
• Stay current with emerging threats, vulnerabilities, and evolving regulatory standards to continuously improve GWRC s defenses.

Minimum Qualifications:

• Education: Bachelor s or Master s degree in Cybersecurity, Information Assurance, Computer Science, or related discipline.
• Experience:
  • 7 10 years of experience in cybersecurity operations, governance, and risk management.
  • Proven track record conducting enterprise security assessments, compliance audits, and incident response.
  • Experience advising large-scale IT or government programs on security architecture and mitigation strategies.

Technical Expertise:

• Strong understanding of NIST SP 800-53/171, FedRAMP, FISMA, CIS Controls, and Zero-Trust Architecture.
• Proficiency in SIEM tools (Splunk, Microsoft Sentinel), vulnerability management tools (Nessus, Tenable, Qualys), and endpoint security (CrowdStrike, Defender).
• Hands-on experience in cloud security (AWS, Azure, or GCP), IAM, PKI, firewall configuration, and network security.
• Familiarity with incident detection, SOC operations, and digital forensics tools.

Preferred Certifications:

• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)
• CompTIA Security+
• Certified Ethical Hacker (CEH)
• AWS Certified Security Specialty or Microsoft Certified: Cybersecurity Architect Expert (SC-100)
• Certified Cloud Security Professional (CCSP)
• NIST Risk Management Framework (RMF) Practitioner or ISO 27001 Lead Implementer

Job Tags

Similar Jobs