At GDIT, people are our differentiator! As a Senior Risk Manager supporting the VA Enterprise Security Architecture (ESA) Modernization Support project, you will be trusted to work actively with GDIT security and cybersecurity professionals to support our VA customer.
Our mission within the VA is to ensure that Veterans' information, VA information systems, and infrastructure are cybersecurity ready. GDIT will accomplish this while ensuring the resiliency of VA's cybersecurity infrastructure through proactive monitoring, adaptive responses, adherence to Federal requirements and best practices, and the recruitment, retention, and development of a world-class cybersecurity workforce.
The ideal Senior Risk Manager will help the VA continue to evolve its information security program to address existing deficiencies and match the growing and evolving cybersecurity threat landscape by minimizing risks from the use of new and existing technologies. The Senior Risk Manager will work with the Chief Architect and area leads to identify and mitigate risks to the program and assist in the management of cost, schedule, and performance.
Provide subject matter expertise on a multi-disciplinary team supporting VA in developing, maturing, tracking and reporting key cybersecurity maturity, performance, and effectiveness metrics across the organization.
Utilize risk management principles from established frameworks (e.g. NIST) to help improve cybersecurity performance and reduce risk across the enterprise.
Develop and maintain a risk register to track identified risks.
Work with the PM and area leads to develop and document risk mitigation considerations for identified risks.
Create a feedback loop using the results from the risk assessment.
Work with the PM and area leads to develop threat models as a part of the risk assessment process in support of new and existing development of the VA Enterprise Security Architecture.
Conduct and deliver an initial risk assessment and gap analysis to support the proposed future network security modernization effort.
Work with the PM and area leads to baseline risk documents based on a thorough risk assessment.
Conduct periodic risk review meetings.
Conduct, participate in, and/or oversee all periodic risk assessment updates and audits.
Assist the IPTs with the risk planning, development/refinement, initiation, and execution for new requirements, projects, procedures, and guidelines.
Facilitate milestone planning by preparing, reviewing, and updating technical briefing materials, documentation, and program schedules relevant to risk management.
Assist in identifying, assessing, developing, and mitigating program risk.
Brief leadership on the status of program risks and recurring risk reports.
Communicate programmatic issues, concerns, and opportunities.
Author risk management SOPs and monitor program activities for consistency with the approved SOPs.
Prepare and staff formal risk reports containing analyses and recommendations to leadership as required.
Provide IPT training as needed on risk management processes and procedures.
Participate in special projects as required.
Required Skills and Experience
Bachelor's degree with 10 years of experience. Eight (8) years of additional relevant experience may be substituted for education.
Experience in project management, engineering management, or another related subject of comparable complexity and responsibility.
In-depth knowledge of the Risk Management process (i.e., identifying, analyzing, mitigating, documenting, tracking and reporting risks).
Deep understanding of the NIST Risk Management Framework (RMF) and Cybersecurity Framework (CSF).
Strong understanding of NIST SP 800-53 Rev. 5, Security and Privacy Controls for Information Systems and Organizations.
Understanding of cybersecurity risk management principles based on NIST policies and frameworks, including risk concepts such as likelihood, probability, frequency, threat, vulnerability, and consequence for cybersecurity.
Experience advising and assisting Federal client organizations in the performance of cyber responsibilities, remediation efforts, audit recovery, or other cyber hygiene activities.
Understanding of and expertise in FISMA requirements and reporting.
Ability to integrate industry standards and trends for cybersecurity risk measurement and management techniques, including the NIST Cybersecurity Framework, NIST Risk Management Framework, NIST SP 800-37, FISMA, and FITARA.
Understanding of cybersecurity metrics (KPIs, KRIs).
Excellent verbal and written communications skills.
Experience with the use of Microsoft Outlook, PowerPoint, Excel, and Word.
Must be able to meet customer facility COVID requirements.
Ability to obtain a Public Trust clearance (T4).
US citizenship is required.
Desired Skills and Experience
One or more of the following certifications:
Certified Information Security Manager (CISM)
Certified Information Systems Security Professional (CISSP)
Certified in Risk and Information Systems Control (CRISC)
Agile project experience
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.