Mid Level Cyber Risk Advisor

$95,000 - $105,000 · Full time, on site

Job Description

Company Overview
Aligned Development Strategies, Inc. (ADSI) is a dynamic and dedicated small business based in Washington, DC. We specialize in providing innovative information technology and management consulting services, partnering with government and commercial clients to solve complex business challenges through cutting-edge technological solutions. Our commitment is to deliver dependable services with integrity and excellence.

Overview
We are seeking a proactive and detail-oriented Mid Level Cyber Risk Advisor to join our cybersecurity team. In this vital role, you will be instrumental in assessing, managing, and mitigating cyber risks across diverse IT infrastructures. Your expertise will help safeguard sensitive information, ensure compliance with industry standards, and strengthen our clients’ security posture. This position offers an exciting opportunity to contribute to high-impact projects within a collaborative environment that values innovation and continuous learning.

Responsibilities

  • Evaluate, maintain, and communicate the risk posture of each FISMA system to executive leadership and make risk-based recommendations to the Authorizing Official.
  • Act as the subject matter expert in all areas of the Risk Management Framework (RMF).
  • Support the stakeholders in ensuring that all requirements specified by the ARS and the procedures and standards of the RMH are implemented and enforced; serve as an active participant in the system development life cycle (SDLC) / Technical Review Board (TRB); provide requirements; and recommend design tradeoffs considering security, functionality, and cost.
  • Ensure information security and privacy testing is performed throughout the SDLC as appropriate and results are considered during the development phase of the SDLC.
  • Monitor system security posture by reviewing all proposed information security and privacy artifacts to provide recommendations to the ISSO.
  • Provide guidance to stakeholders on required actions, potential strategies, and best practices for closure of identified weaknesses.
  • Serve as the authority to approve selected system configuration deviations from the required baseline.
  • For each FISMA system or collection of PII/PHI, coordinate with the Data Guardian, Information System Owner (ISO), Business Owner, and ISSO to:
      • Identify the types of information processed
      • Assign the appropriate security categorizations to the information systems
      • Ensure that CMS has the legal authority, either under a statute or an executive order, to conduct activities involving the collection, use, and disclosure of PII/PHI
      • Determine the privacy impacts and manage information security and privacy risk

Qualifications

  • 8+ years of professional experience developing and implementing information security/assurance programs, policies, processes, and procedures under security frameworks, laws, standards, and directives such as FISMA, OMB directives, Presidential Directives, NIST (SP 800 series; FIPS), HIPAA of 1996, and the Privacy Act
  • Comprehensive knowledge of FISMA, HIPAA, and the Privacy Act of 1974
  • In-depth knowledge of the NIST SP 800 series documents, especially 800-34, 37, 39, 47, 53, 53A, 60, 63, 64, and 137, and FIPS 140, 199, 200, and 201
  • In-depth knowledge of the NIST SP 800-53 security control requirements and standard methods for implementing them
  • Practical knowledge of IT System contingency planning
  • Understanding of risk assessment and risk management concepts
  • Good understanding of continuous monitoring and continuous authorization concepts
  • Good understanding of protection of PII and PIA concepts
  • Expert use of MS Office, especially Word, PowerPoint and Outlook
  • Good ability to articulate technical concepts, especially in the review process
  • Relevant certifications such as CISSP, CISM, CISA, CEH or CompTIA Security+ are preferred

Join us at ADSI to be part of a passionate team dedicated to protecting critical information assets through innovative cybersecurity strategies!

Pay: $95,000.00 - $105,000.00 per year

Benefits:

  • Dental insurance
  • Health insurance
  • Paid time off

Work Location: Hybrid remote in Windsor Mill, MD 21244
