DescriptionThis position is fully remote!Gray Analytics is seeking a motivated and dedicated Cybersecurity Professional that is a recognized CMMC Certified Professional (CCP) by the CyberAB to assess, advise, and support commercial clients.
Other duties may include:
- Conduct comprehensive assessments of Defense Industrial Base (DIB) organizational networks and systems to assess their compliance with CMMC / NIST 800-171r2 requirements.
- Work with organizations to design and implement security measures and controls, in line with CMMC standards, to protect sensitive data and systems from infiltration and cyber-attacks.
- Coordinate with various functional teams within an organization to develop and implement the action plans necessary to achieve CMMC compliance.
- Assist organizations with the review and update of existing information security policies and procedures to align with evolving CMMC requirements and leading industry practices in cybersecurity.
- Prepare detailed reports on the status of an organization's CMMC compliance.
- Keep abreast of the latest cybersecurity threats and trends, as well as updates to the CMMC framework.
- Achieve utilization targets, complete projects on time and budget, and meet quality standards.
- Study, learn, test, document, execute and seek to continuously improve scalable consulting services processes to effectively deliver customer engagements while achieving a high level of customer satisfaction.
- Execute project planning, scheduling, and other coordination of internal and customer resources to facilitate interviews, meetings, and presentations.
- Prepare and deliver thoughtful, insightful, and professional presentations to customers and internal Gray Analytics stakeholders.
- Create, review and edit findings, observations, and recommendations reports.
- Become knowledgeable of Gray Analytics service offerings, sales process, marketing materials, contract and SOW structure, methodologies, delivery standards, work tools, and processes.
- Pursue additional education and stay current on best practices, technical skills, and tools related to the position's duties.
- This position has significant interaction with internal and external stakeholders, including colleagues, customers, partners, subcontractors, and potential investors. This position requires a strong customer service orientation and the ability to:
- Work independently on a variety of projects simultaneously.
- Exercise good judgment and initiative to manage priorities.
- Quickly develop trusting relationships and rapport with a variety of Defense Industrial Base compliance, information security and technology (I&T) professionals.
- Formulate questions and listen to customer responses effectively to elicit essential facts, data, business process descriptions, and insights.
- Demonstrate strong organizational abilities, effective writing skills, and communications skills.
- Develop presentations with clear messages, and effective slides, and deliver these presentations to senior executives.
- Lead teams of internal and external stakeholders to drive information security projects forward.
- Identify and manage client engagement expectations, risks, and issues.
Budgeted salary for this role is estimated to be between $100,000-$150,000 per year.
RequirementsRequired Qualifications:Must be a CMMC Certified Professional - CCP with the ability to obtain and maintain CCA designation within 6 months of start date.- Strong understanding and experience with Cybersecurity Risk Management principles with an emphasis on Framework Adoptions.
- Specific expertise in at least one of the below frameworks required:
- DoD Cybersecurity Policies including DFARS 7012, NIST 800-171 and CMMC
- NIST 800-53 Rev5
- NIST Cybersecurity Framework (NIST CSF)
- NIST Risk Management Framework (NIST RMF)
- HIPAA Security Rule / HITRUST
- ISO 27001 o System and Organizational Controls (SOC)
- Center for Internet Security (CIS)
- Ability and experience conducting Risk Assessments to include NIST 800-30 and/or CIS RAM methodologies.
- In-depth understanding of cyber security policy, tools, threat mitigation techniques, network topologies, and secure network design.
- Experience conducting information security/cyber readiness and/or assessments.
- Experience in designing and reviewing system architecture designs.
- Excellent technical writing and verbal client-facing communication skills.
- Ability to present findings and recommendations to an executive team or board.