Enterprise Risk Analyst - Mid

Responsibilities

• Monitor and manage the Department's information system inventory program.
• Strengthen data quality through increased automation in the Department's system of record, customization of additional agency defined data items, and improved workflows.
• Provide maintenance, development, support, recommendations for old and new initiatives pertaining to FISMA Inventory using efficient, new, cost-effective processes and technologies of the DHS FISMA Compliance Tool and front-end applications.
• Lead in automation and development of all stages of Inventory Workflow Process (i.e., the Inventory Change Request (ICR), reporting and all approval process in current and new platforms).
• Develop, maintain, and update policies, and standard operating procedures for all inventory tasks and reporting. Keep up to date internal SOP/documentations of all Inventory processes in Microsoft Teams or any other applications in use (shared folders/drives, SharePoint, etc.) as specified by the Federal Lead.
• Plan, host, and coordinate Component Inventory Quarterly Discovery Meetings to obtain general organizational information and updates, additions, or modifications to the Component FISMA Inventory for the purpose of system discovery.
• Conduct reviews, maintain, and update the FISMA Inventory to ensure that all system categorizations and data align with all data sources.
• Capture and maintain a list of third-party systems and External Information Systems (EIS) that process or store DHS data in accordance with OMB directives. Ensure that all EISs are captured in the DHS FISMA Compliance Tool and adhere to requirements set forth by the DHS FISMA System Inventory Methodology and any other relevant policies.
• Generate and automate monthly and quarterly reports pertaining to FISMA Inventory which may include but is not limited to the Monthly Inventory Report for the Enterprise Cybersecurity Governance Division, Component monthly reports, Special Designation Reports such as Cloud , Financial , High Valua Assets (HVA), and Mission Essential systems.
• Prepare documentation such as the inventory breakdown per Component, Component brief, and report schedules, executive summary reports for each DHS Component before and after Component Inventory Quarterly Discovery Meetings.
• Ensure the proper forms and supporting documentation are submitted via the correct workflow, with the appropriate signatures (i.e., CISO, CFO, etc.) to track/manage inventory changes and Federal approvals (i.e., Compliance Designees, Capital Planning and Investment Control (CPIC) Admin Team, FISMA Inventory Management Team, etc.) before requests are processed in the DHS FISMA Compliance Tool. l. Process daily ICRs from DHS components and maintain the FISMA Inventory Mailbox. Research and provide responses to customer(s) on ICRs processed.
• Provide responses in support of audits related to cybersecurity.
• Coordinate and follow up with Subject Matter Experts (SMEs) to generate responses, update, finalize and submit cybersecurity reports. Gather responses, review/validate responses with SMEs, compile the report and brief CISOD management.
• Prepare various reports and executive summaries, talking points and PowerPoint slide deck for briefing to CISO and CIO as required by CFO, OMB, and other executive directives.
• Maintain and update the DHS FISMA System Inventory Methodology. Recommend and implement improvements to the Methodology as approved by the Federal Lead.
• Maintain and update FISMA Inventory and the back-end databases. Provide information/feedback for any updates to the ServiceNow Application contents in as needed/required.
• Integrate current database and application/tools, upgrade, and migration of data to new tools.
• Provide support to the system boundary consolidation effort.
• Perform routine Inventory Management Support.
• Assist with the collection, coordination, consolidation, and analysis of data calls as needed by the Federal government.
• Provide developer(s) clear guidance regarding necessary changes and updates to the authorized application or platform.
• Provide oversight of all common control providers
• Ensure that testing of common controls is being conducted in accordance with the Risk Management Framework and 4300 policy.
• Conduct annual reviews of Common Control Providers and Programs
• Host the DHS Common Controls Working Group quarterly,
• Support and maintain the Common Control Implementation Guide, Common Controls Methodology, and training materials.
• Conduct formal Common Controls DHS-wide compliance training to HQ components at least bi-annually.
• Provide monthly reporting on Common Control Providers and Programs
• Review Control Implementation Statements in Component Programs for at least 3 providers each month (Validate that Programs are not providing system level implementations or provide justification).
• Review, track, and report on all Program POA&Ms
• Review/Track all providing systems for completion of annual assessments in the DHS FISMA Compliance Tool.
• Develops and maintains Department level cybersecurity policies that govern the implementation of the DHS Information Technology cybersecurity program. Risk Management and Governance establishes and implements standards and frameworks for identifying and managing FISMA and FedRAMP compliance, cybersecurity risks, and information system inventory across the Department.
• Serve as an advisor to DHS Enterprise Cybersecurity Governance (ECG) Division personnel who represent DHS to external Government Agencies and Cybersecurity forums and discussions, as they relate to DHS Enterprise compliance activities.
• Develops Department-wide cybersecurity policies and standards based on DHS Strategies and frameworks to include the Cybersecurity Framework, Risk Management Framework (RMF), NIST Artificial Intelligence (AI) RMF, Machine Learning, Robotic Processing Automation, SELC, Secure Development and IT Operations and the Cybersecurity Acquisition Lifecycle (Cyber ALF), Internet of Things and Operational Technology (IoT/OT).
• Conducts research on newly released Presidential Executive Orders (EOs) and OMB Memos being issued and reviews current DHS policies, procedures, and provides DHS Fed Leads with recommendations on meeting requirements identified in the memos, EOs, or both.
• Coordinates across DHS Offices, Lines of Businesses, and Components to develop and maintain requirements for system security documentation for enterprise IT infrastructures, platforms, hardware, and software.
• Prepare various reports and executive summaries, talking points and PowerPoint slide deck for briefing to CISO and CIO as required by CFO, OMB, FNR and other executive directives.
• Develop and oversee the process, procedures, work instructions, and documentation (i.e., templates) to support the DHS Cybersecurity Risk Management Framework (RMF) functional areas for the Department.

Basic Qualifications

• 3 years of relevant experience
• Bachelor's degree or 8 years of working experience
• US Citizen with an Active Secret Clearance
• 1 Cyber Certification (CISSP, CISM, Security+, etc)
• 1 year of experience with FISMA and the NIST RMF

Preferred Qualifications

• Data Analytics Skills
• Tools experience with ServiceNow
• Experience with GRC solutions
• Experience with DHS 4300A
• Communication skills including ability the to be able to present
• Process Improvement Experience
• DHS EOD Preferred but not required

Evolver Federal is an equal opportunity employer and welcomes all job seekers. It is the policy of Evolver Federal not to discriminate based on race, color, ancestry, religion, gender, age, national origin, gender identity or expression, sexual orientation, genetic factors, pregnancy, physical or mental disability, military/veteran status, or any other factor protected by law.