The SME will work in concert with the Federal Leadership Team, Intra-agency Partner Groups and Project Management community to qualify and prioritize resource demand, support project delivery, and serve as a key touch point for SME customers. The SME will support a team of Senior Cybersecurity personal and is responsible for daily operations as well as tracking deliverables and due dates for multiple federal leads including senior Department of Energy (DOE) officials. The SME seeks opportunities to scale operations and drive improvements commensurate with changing business needs and requirements. The SME reports to the Cybersecurity SME team leader and may be required to assume management responsibilities during times of vacation or sick leave.
The SME will help the SME team leader establish, enhance, and sustain optimal practices, processes, and standards regarding Program and Project Methodology, Performance, and Governance Management. These efforts will support the clients Project Management community, Intra-agency Partner Groups, and Cybersecurity Team Leaders to successfully deliver projects and change initiatives to meet their strategic goals and objectives.
To achieve this, the SME must demonstrate relevant domain expertise of an Enterprise Cybersecurity Program and successfully translate best practices into consistent standards, plans, procedures, and frameworks that can be re-used on multiple projects and broader change management initiatives.
Duties and Responsibilities:
- Develop policy, program management plans and strategic documents
- Develop senior level white papers and point papers
- Provide strategic guidance and counsel to senior management
- Lead or facilitate major portions of large or medium projects / tasks, or provide sole support for small projects / tasks
- Gathers facts through research, interviewing, surveys, etc. analyze the client's business, draw conclusions, prepare final reports and gives presentations
- Provides technical knowledge and analysis of information assurance, to include system engineering; risk management; system authorization, critical infrastructure continuity and contingency planning; security awareness and training.
- Familiar with statutes, regulations, and current OMB, NIST, and NSA guidance with respect to establishing and maintaining a Cybersecurity program.
- Effectively build strategic relationships with a broad group of stakeholders in order to foster trust and influence key decisions
- Maintain integrity in all transactions; follows up and keeps promises; maintains ethical standards of clients
- Effectively adapts to new requirements; comfortable with complexity, ambiguity and change
- Ability to take large volumes of complex information and present it in a clear and concise manner to senior management
- Excellent verbal and written communication skills, attention to detail, and resourceful
- Bachelor’s Degree in Engineering, Computer Science, Information Security, or related field. Post graduate work, such as project management certification, or master’s degree, preferred.
- United States Citizen (REQUIRED)
- At least 8years of directly related experience is required
- Professional cybersecurity certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), SANS Global Information Assurance Certification (GIAC) or equivalent
- Project Management Professional (PMP)
Desired (at least three of the following):
- Familiarity with the Department of Energy (DOE)
- Cybersecurity policy, planning and reporting experience
- High Value Asset reporting and tracking
- Awareness and experience with Office of Management and Budget (OMB), National Institute of Science and Technology (NIST), and Department of Homeland Security (DHS) requirements, reporting, standards, guidelines, processes and toolsets
- NIST Cybersecurity Framework
- NIST Risk Management Framework
- Federal Information System, security lifecycle approach including assessment, authorization, and monitoring programs
- IT securityarchitecture with security operations center development and implementation
- Experience with continuity of operations and disaster recovery
- Familiarity with cybersecuritytechnologies related to continuous monitoring, Security Incident and Event Management