Cybersecurity Risk Management Specialist

Dark Wolf Solutions is looking for a Cybersecurity Risk Management Specialist to join our team. This pivotal role demands a professional with a robust understanding of information security principles, coupled with proven expertise in security engineering, risk management, and compliance. The ideal candidate will have the ability to lead efforts that ensure the confidentiality, integrity, and availability of our systems, while also guiding our customers through the Risk Management Framework (RMF) processes. The candidate will focus on developing effective organizational policies and efficient processes will streamline ATO attainment, reduce risks, and strengthen overall cybersecurity resilience. This position is expected to be supported at a primarily remote capacity but the candidate is expected to be located within a commutable distance of a Dark Wolf Office for as needed in person support. Responsibilities include but are not limited to: 

• Designing, testing, and implementing secure operating systems, networks, security monitoring, tuning and management of IT security systems and applications, and incident response activities.
• Maintaining and enforcing common control providers to support compliance across systems.
• Developing organizational policies and procedures that highlighting best practices for cybersecurity hygiene, compliance, and risk management.
• Ensuring alignment with security standards and compliance regulations.
• Planning, executing, and monitoring the seven-step RMF process for clients.
• Supporting the entry and maintenance of data into information system security systems of record, such as eMASS and Xacta.
• Leading cybersecurity activities through all stages of the system lifecycle, from planning and development to deployment.
• Ensuring systems are properly hardened and that security analysis addresses all potential vulnerabilities.
• Managing and maintaining Assessment and Authorization (A&A) packages, including:
  • System Security Plans (SSPs), Security Control Traceability Matrices (SCTMs), Plans of Action and Milestones (POA&Ms), and other artifacts required by Authorizing Officials (AOs).
• Overseeing the Authorization to Operate (ATO) process for modular systems.
• Managing POA&Ms by compiling, tracking, and closing system vulnerabilities.
• Recommending and implementing fix actions and compensating controls, as necessary.
• Briefibg Security Control Assessors (SCAs) and Authorizing Officials (AOs) weekly on the cybersecurity posture of risk management packages.

Required Qualifications:

• 5–10+ years of experience in information security principles, security engineering, risk management, and compliance
• 5+ years of experience in designing, implementing, and documenting system security requirements
• 2+ years of experience implementing and maintaining common control providers
• Strong understanding of the RMF process and its application in government and enterprise environments
• Proficient in developing and maintaining A&A packages, POA&Ms, and other compliance artifacts
• Hands-on experience with security tools and platforms such as eMASS and Xacta
• Excellent problem-solving and analytical skills with the ability to minimize risks efficiently
• Exceptional communication skills for stakeholder engagement and briefing sessions
• B.A. or B.S. in Information Systems, Computer Engineering, or related discipline
• DoD 8570 compliance with IAT Level II Required
  
• US Citizenship and at minimum active Secret security clearance required 
  

Desired Qualifications:

• Proven ability to gain a continuous authority to operate
• Experience with digital forensics, loss prevention, and eDiscovery are a plus
• The following certifications are desired: Security+, CISSP, CISM, CISA, CRISC
• Ability to guide customers to obtain a certificate to field
  

The estimated salary for this position is $150,000.00 to $175,000.00, commensurate on experience and technical interview. 
We are proud to be an EEO/AA employer Minorities/Women/Veterans/Disabled and other protected categories.

In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification form upon hire.