Cybersecurity Governance Lead - FCC

Washington, DC

⚠️ We'll shut down after Aug 1st - try foo🦍 for all jobs in tech ⚠️

Full Time Senior-level / Expert USD 63K - 147K * ^est.

cFocus Software Incorporated

Our exclusive ATO as a Service™ software & expert services automate FISMA RMF & FedRAMP compliance.

View all jobs at cFocus Software Incorporated

Posted 11 hours ago

cFocus Software seeks a Cybersecurity Governance Lead to join our program supporting the Federal Communications Commission (FCC). This position is on-site in Washington, DC.

Qualifications:

Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, Information Technologies, or other related fields
Certified Information Systems Security Professional (CISSP)
5+ years of federal security audit related experience
Working knowledge of the RMF, Audit support, Information Assurance, Cloud deployments, and Risk Management tools
Possess the knowledge, skills, tasks, and capabilities described in the work role Technology Program Auditing (OG_WRL-106) as outlined in the NICE Work Role Framework

Duties:

Assist with cybersecurity and privacy tasks incorporating the Risk Management Framework (RMF) for the authorization and accreditation of federal systems.
Support reporting, data calls, and deliverables under the Federal Information Security Modernization Act (FISMA), ensuring compliance with all requirements and relevant laws.
Design and implement risk management policies and procedures based on guidance from FISMA, OMB Circular A-130, and current versions of NIST Special Publications
Conduct Privacy Control Assessments in collaboration with security control assessments, focusing on privacy controls per NIST SP 800-53, SP 800-37, OMB A-130, and federal requirements.
Develop and implement automated Privacy Control Assessments to achieve continuous monitoring and minimize manual assessments.
Provide customers with guidance on privacy requirements, controls, responsibilities, and implementation methods.
Analyze findings from privacy security control assessments (PSCA) and quantify the associated risk.
Conduct Privacy Assessments, provide input into System Security Plans (SSPs), Privacy Impact Assessments (PIAs), and Initial Privacy Assessments (IPA), and offer recommendations based on evaluations.
Assist the Information System Security Officer (ISSO) with privacy-related duties, including Systems of Records Notices (SORNs), Computer Matching Agreements (CMAs), and Third-Party Web Application PIAs (TPWA PIAs).
Support the Cybersecurity Group with IT Security Awareness, Training, and Education of FCC personnel, contractors, and partners.
Develop and communicate cybersecurity awareness messaging based on current and evolving cyber threats.
Develop, administer, and conduct monthly phishing exercises.
As requested, facilitate and deliver New Employee cybersecurity and privacy training and other IT Security Training classes.
Collaborate with the Cyber Threat Intelligence Team to deliver cyber threat briefings to key stakeholders.
Create, review, and update training material and presentations to stay relevant to federal requirements and best practices
Review, update, and analyze OCIO, cybersecurity, and privacy policies in line with federal laws, regulations, and standards, considering unique business objectives.
Guide policy development, review, and preparation of final reports.
Collaborate with stakeholders, system owners, and FCC leadership to implement practical policies and procedures.
Document recommendations for improving legal and regulatory compliance.
Deliver executive briefs to FCC leadership and stakeholders.
Use the FCC-accredited Enterprise Governance, Risk, and Compliance (eGRC) tool for effective risk management.
Maintain regular communication with stakeholders to meet federal reporting requirements.
Design, analyze, and implement the FCC Cybersecurity and Privacy Policy.
Prepare policy reports outlining recommendations and directives from the CIO and CISO.
Manage and update the Cybersecurity Group’s internal policy SharePoint site or relevant document management system
Assist in analyzing audit reports, preparing responses, and developing remediation plans.
Plan and attend external auditor meetings.
Collect, evaluate, and submit artifacts by due dates.
Maintain an Audit Tracker Report to monitor audit status.
Use the eGRC tool to manage audit data and respond to auditor requests.
Prepare comprehensive responses and maintain communication with stakeholders