Washington, DISTRICT OF COLUMBIA
Cyber Governance and Compliance Lead
Are you a cyber professional with a governance and compliance background, intrigued by the information technology challenges that threats and vulnerabilities pose to an enterprise? Are you interested in a role that offers an opportunity to provide front-line support to our Federal clients? If yes, then Telesis wants to speak with you. Join our team of cybersecurity professionals who collaborate with government agencies, IT professionals, and clients to support cybersecurity and risk consulting engagements around the world.
As a Cyber Governance and Compliance Lead, you will be an integral part of the Governance and Compliance Team (GCT) within our Client’s cybersecurity program. The Governance and Compliance Lead is responsible for overseeing the quality assurance of a cybersecurity program for our federal Client in the District of Columbia. In doing so, you will be responsible for the following:
- Establish, implement, and serve as the main point of contact (POC) for a fully functional cyber governance and compliance program for a federal government organization;
- Gather information from applicable cybersecurity laws, standards, and frameworks to develop security requirements and objectives for compliance;
- Identify any gaps in current policy, processes, or procedures within the Client’s cybersecurity program that cause non-compliance;
- Review POA&Ms, Security Assessment Reports (SARs), Inspector General reports, and any other documented findings and track remediation compliance;
- Gather data from stakeholders, respond to cyber data calls, and submit reports such as FISMA;
- Develop and implement programs to ensure that system, network, and data users are aware of, understand, and follow cyber policies and procedures;
- Work with all teams supporting the Client’s Office of Information Technology (Client) to correct and enhance the existing information;
- Engage in client Security Architecture assessments, regulatory compliance initiatives, and information security program reviews as needed;
- Coordinate with cybersecurity specialists, incident response handlers, digital forensic experts, network engineers, system engineers and Web application engineers to explore and report on specific security risk issues in depth;
- Work with teams to develop new or update existing cybersecurity policies, processes, and methodologies to gain or maintain compliance with the Federal Information Security Management Act (FISMA), NIST Special Publications, and other Federal laws and regulations;
- Track emerging security practices and contribute to building and improving internal processes;
- Additional duties may include policy development, SOP development, technical content validation, and technical writing/editing.
- 5+ years of IT security, consulting, engineering, or risk management;
- Demonstrated ability to review and edit draft security artifacts to ensure compliance with NIST guidance such as the Cybersecurity Framework (CSF) and Risk Management Framework (RMF);
- Demonstrated ability to review and edit draft security artifacts as assigned to ensure compliance with FISMA;
- Security policy, governance, privacy or regulatory experience (e.g., NIST, ISO, HIPAA, PCI);
- Knowledge of industry standard frameworks NIST, ISO, HIPAA, PCI;
- Knowledge of federal cybersecurity applicable laws such as FISMA, Privacy Act, etc.;
- Passion for creating high-quality deliverables and tools and for automating processes. Ability to work cooperatively and collegially with others on multidisciplinary teams and to establish professional working relationships;
- Motivated self-starter who is also able to work independently with little management direction;
- Exceptional problem-solving and written and verbal communication skills in the English language;
- Excellent organizational skills and use of office productivity software such as Microsoft Office.
- Bachelor’s Degree in computer science, information technology, or related field
One or more of the associated cybersecurity certifications:
- Certified Information Systems Security Professional issued by Int’l Information System Security Certification Consortium (ISC2)
- Certified Information Security Manager issued by Information Systems Audit and Control Association (ISACA)
- CompTIA Advanced Security Practitioner issued by Computing Technology Industry Association (CompTIA)
- GSLC GIAC Security Leadership Certification issued by the SANS Institute
- Project Management Professional issued by Project Management Institute (PMI)
Must be a U.S. Citizen and have the ability to attain clearance to hold a Public Trust position
Collaboration, innovation, sustainability: these are the hallmark issues shaping Federal government initiatives today. Telesis’ Federal practice is passionate about making an impact with lasting change. We collaborate with teams from across our organization in order to bring the full breadth of Telesis to support our clients. Our aspiration is to be the premier integrated solutions provider in helping to transform the Federal marketplace.
At Telesis, we know that great people make a great organization. We value our people and offer employees a broad range of benefits to include medical, dental, vision, PTO, 10 holidays, and 401k matching.
Telesis is a technology solutions leader with headquarters in McLean, VA. We work with federal government clients, helping them to solve the toughest challenges they face in defense, intelligence, treasury, energy, and civilian sectors. Telesis employees support vital missions for our government and develop innovative solutions to produce lasting, credible results.