Job Family:
Cyber Consulting
Travel Required:
Up to 25%
Clearance Required:
Ability to Obtain Public Trust
What You Will Do:
- Lead cyber risk management efforts across a portfolio of client applications.
- Manage the end-to-end POA&M lifecycle, including creation, tracking, validation, and closure of identified security weaknesses.
- Prioritize remediation activities based on risk severity, compliance requirements, and operational impact.
- Conduct regular POA&M status reviews and coordinate with system owners and O&M teams to track milestone progress.
- Perform BIAs to identify critical systems, functions, dependencies, and recovery time objectives.
- Collaborate with stakeholders to validate system criticality and align with continuity and contingency planning requirements.
- Build and maintain strong working relationships with business, engineering, and security teams to validate fixes, resolve blockers, and support timely remediation.
- Prepare reports and briefings for leadership and federal oversight stakeholders.
- Provide cyber subject matter expertise during information security audits and assessments.
- Maintain and update BIA documentation in alignment with evolving system architecture and mission priorities.
What You Will Need:
- Must be able to OBTAIN and MAINTAIN a Federal or DoD "PUBLIC TRUST"; candidates must obtain approved adjudication of their PUBLIC TRUST prior to onboarding with Guidehouse. Candidates who hold an ACTIVE PUBLIC TRUST or SUITABILITY determination and maintain an active HHS/NIH clearance are preferred.
- Minimum of THREE (3) years of cybersecurity or IT risk management experience; candidates whose experience is focused on cybersecurity risk management are preferred.
- Minimum of a Bachelor's degree is required.
- Tools: Hands-on experience with GRC platforms.
- Knowledge: Deep understanding of NIST SP 800-53, NIST SP 800-37, and FISMA requirements.
- Soft Skills: Strong communication and analytical thinking; ability to manage multiple concurrent priorities and deadlines.
What Would Be Nice To Have:
- Experience developing automated data pipelines or integrating APIs into Power BI dashboards.
- Knowledge of MITRE ATT&CK framework and vulnerability prioritization methodologies (e.g., EPSS, CVSS v3).
- Prior experience supporting a federal agency or working in a Public Health environment.
- Certifications: Active CompTIA Security+ CE preferred; CISSP, CEH, or cloud-related certifications are a plus.
The annual salary range for this position is $85,000.00-$141,000.00. Compensation decisions depend on a wide range of factors, including but not limited to skill sets, experience and training, security clearances, licensure and certifications, and other business and organizational needs.
What We Offer:
Guidehouse offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflects our commitment to creating a diverse and supportive workplace.
Benefits include:
Medical, Rx, Dental & Vision Insurance
Personal and Family Sick Time & Company Paid Holidays
Position may be eligible for a discretionary variable incentive bonus
Parental Leave and Adoption Assistance
401(k) Retirement Plan
Basic Life & Supplemental Life
Health Savings Account, Dental/Vision & Dependent Care Flexible Spending Accounts
Short-Term & Long-Term Disability
Student Loan PayDown
Tuition Reimbursement, Personal Development & Learning Opportunities
Skills Development & Certifications
Employee Referral Program
Corporate Sponsored Events & Community Outreach
Emergency Back-Up Childcare Program
Mobility Stipend