CENTERPOINT




5d

Risk Lead

CENTERPOINT, Washington, DC (Remote)

CENTERPOINT is hiring a Remote Risk Lead

Duties and responsibilities include but are not limited to:

  • Provide strategic leadership of the enterprise risk management and enterprise cybersecurity risk management task areas of the Cybersecurity Support Services (CSS) program at the Department of Health and Human Services (HHS).
  • Provide strategic leadership of activities required under Circular A-123, Management Responsibility for Internal Controls, from the White House Office of Management and Budget (OMB), and the statute it implements, the Federal Managers Financial Integrity Act of 1982.
  • Provide strategic leadership of Privacy and Information Management (PIM) Services - Breach Response Management, and Privacy Impact Assessments (PIAs).
  • Support activities under other task areas of the contract, as directed by the CSS Program Manager.

    Required Experience:

    • Experience managing and steering dynamic, fast paced work environments
    • Experience identifying and remediating programmatic and individual program gaps
    • Expert in client management to include goal setting, expectation management, and timebound task delivery
    • Experience in creating high retention work environments
    • Experience identifying and developing potential future corporate leaders
    • Ability to work hand in hand with clients, providing direct guidance and assistance
    • Experience sourcing, interviewing, and placing candidates
    • Proven capacity to supervise, mentor, and motivate subordinate team leaders
    • Ability to ensure the success of assigned projects through tracking and execution of tasks
    • Identifying factors and circumstances that may influence or lead to the formation of risks, issues, and opportunities
    • Eliciting risks, issues, and opportunities from historical references, technical documentation, business processes, and U.S. Government-approved interview techniques, such as prompt lists and dipstick queries

      Desired Experience:

      • In-depth understanding of risk-related guidance from the National Institute of Standards and Technology (NIST); particularly their Special Publications in the 500, 800, and 1800 series, as well as their Interagency or Internal Reports (NISTIRs) and related artifacts.
      • Identifying the factors and circumstances that may influence or trigger manifestations.
      • Experience defining and explaining risks, issues, and opportunities from a:
        • Threat-centric approach.
        • Control-centric approach.
        • Vulnerability-centric approach.
      • Procedure development and process improvement, such as ITIL, Lean, Six Sigma, and CMMI.
      • Performing enterprise risk assessments.
      • Performing enterprise risk analyses (qualitative, quantitative, and semi-quantitative).
      • Performing issue & opportunity impact assessments.
      • Performing issue & opportunity impact analyses.
      • Performing privacy threshold assessments (PTAs) and privacy impact analyses (PIAs).
      • Evaluating and comparing mitigations (including cost/benefit and time/resource evaluations).
      • Performing analyses of alternatives (AoAs).
      • Experience performing all steps of the NIST Risk Management Framework (RMF).
      • Experience with both identifying and modeling threats. At a minimum, this experience would be in keeping with part 3 of NIST SP 800-30, Guide for Conducting Risk Assessments.
      • Familiarity (prefer experience) with multi-layer and multi-dimensional relationships between specific and enterprise risks, issues, and opportunities, as described in ISO 31000, the 7 imperatives of Continuous Adaptive Risk and Trust Assessment (CARTA), the COSO Cube®, and (ISC)2.
      • Working familiarity with U.S. Government approved mitigation approaches.
      • Experience as an Information System Security Officer (ISSO) and/or a Security Control Assessor (SCA).
      • Performing physical facility risk, issue, and opportunity (RIO) walkthrough inspections.
      • Internal and external communications, including the use of style guides and applying the Plain Language Act.
      • Developing taxonomies to clarify the policy-level relationship between traditional GRC and privacy.

        Desired Training/Certification:

        • Completion of U.S. Government authorized RMF training, either:
          • Introduction to the RMF, from the Center for Development of Security Excellence (CDSE), Defense Counterintelligence and Security Agency; or
          • RMF for Systems and Organizations Introductory Course - Version 2, from NIST
        • Information Systems Audit and Control Association (ISACA): Certified in Risk and Information Systems Control (CRISC)
        • (ISC)2: Certified Authorization Professional (CAP)
        • (ISC)2: Certified Information Systems Security Professional (CISSP)
        • (ISC)2: Information Systems Security Management Professional (CISSP-ISSMP)
        • (ISC)2: Certified Cloud Security Professional (CCSP)
        • Project Management Institute: Risk Management Professional (PMI-RMP)

        Desired Education Requirement: Advanced degree in Organizational Leadership, Administration, or similar.

          Clearance Requirement: Ability to obtain and maintain a Public Trust.



                  CENTERPOINT is hiring a Remote Lead Information System Security Officer (ISSO) (Remote)

                  Duties & responsibilities may include but are not limited to:

                  • Lead a team of up to 4 other ISSOs.
                  • Conduct Security Assessment & Authorization or re-Authorization in accordance with NIST SP 800-37 Rev 1, the LC Security Assessment and Authorization Guidance, and Information Technology Security Directive 5-410.1.
                  • Conduct security Continuous Monitoring in accordance with NIST SP 800-53A, LC Information Security Continuous Monitoring Guidance, and Information Technology Security Directive 5-410.1.
                  • Attend project team meetings and work with project team members to securely operate systems in LC environment(s).
                  • Attend ad-hoc, daily, weekly, monthly meetings with IT system project staff, Information System Business Owners, Authorizing Official, and others to discuss IT security matters related to the system they are supporting.
                  • Support various OCIO initiatives regarding the system they support (e.g., Data Center relocation efforts, new tool implementations).

                  Required Qualifications:

                  • Minimum of 5 years of Information Assurance-related experience.
                  • Ability to effectively and clearly communicate both orally (in common English narration) and in writing (to include technical documentation).
                  • Ability to manage multiple projects, work under pressure and tight deadlines, work independently, and work in a team environment.
                  • Proficiency in Microsoft® Office 2016 or later with particular emphasis on Microsoft® Word®, Excel®, PowerPoint®, and Project®.
                  • United States citizenship.

                  Certification Requirement: At least one DoD 8570-approved IAT II certification: CCNA Security, CySA+, GICSP, GSEC, Security+, CND, or SSCP.

                  Education Requirement: Bachelor’s degree in Computer Science, Information Systems, Engineering or related field, or equivalent experience.

                  Clearance Requirement: Ability to obtain a favorable determination from LOC Tier 2 (Moderate-Risk Public Trust) Background Investigation.

                  CENTERPOINT is an equal opportunity employer. All qualified applicants receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin.


                  CENTERPOINT is hiring a Remote Senior Information System Security Officer (ISSO) (Remote)

                  Duties & responsibilities may include but are not limited to:

                  • Conduct Security Assessment & Authorization or re-Authorization in accordance with NIST SP 800-37 Rev 1, the LC Security Assessment and Authorization Guidance, and Information Technology Security Directive 5-410.1.
                  • Conduct security Continuous Monitoring in accordance with NIST SP 800-53A, LC Information Security Continuous Monitoring Guidance, and Information Technology Security Directive 5-410.1.
                  • Attend project team meetings and work with project team members to securely operate systems in LC environment(s).
                  • Attend ad-hoc, daily, weekly, monthly meetings with IT system project staff, Information System Business Owners, Authorizing Official, and others to discuss IT security matters related to the system they are supporting.
                  • Support various OCIO initiatives regarding the system they support (e.g., Data Center relocation efforts, new tool implementations).

                  Required Qualifications:

                  • Minimum of 4 years of Information Assurance-related experience.
                  • Ability to effectively and clearly communicate both orally (in common English narration) and in writing (to include technical documentation).
                  • Ability to manage multiple projects, work under pressure and tight deadlines, work independently, and work in a team environment.
                  • Proficiency in Microsoft® Office 2016 or later with particular emphasis on Microsoft® Word®, Excel®, PowerPoint®, and Project®.
                  • United States citizenship.

                  Certification Requirement: At least one DoD 8570-approved IAT II certification: CCNA Security, CySA+, GICSP, GSEC, Security+, CND, or SSCP.

                  Education Requirement: Bachelor’s degree in Computer Science, Information Systems, Engineering or related field, or equivalent experience.

                  Clearance Requirement: Ability to obtain a favorable determination from LOC Tier 2 (Moderate-Risk Public Trust) Background Investigation.

                  CENTERPOINT is an equal opportunity employer. All qualified applicants receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin.


                  CENTERPOINT is hiring a Remote High Value Assets (HVA) Team Lead

                  CENTERPOINT is seeking a motivated and customer-oriented cybersecurity professional to support our federal client. The candidate will support the client's cybersecurity mission to ensure the client can actively protect the vital health information with which it is entrusted, respond to existing and emerging cybersecurity threats, and continue to enhance the program to ensure the client has the capability and capacity to respond to new and emerging requirements, technologies, and threats. The High Value Assets (HVA) Team Lead will work with the customer's Office of Information Security (OIS) to ensure the HVA Program meets its mission, vision, goals, and objectives.

                  Duties and responsibilities include:

                  • Support overall strategic planning to ensure the HVA Program meets its mission, vision, goals, and objectives.
                  • Remain abreast of HVA-related information from OMB/DHS and other applicable federal mandates and strategies.
                  • Review, update, and maintain existing client HVA policies, memoranda, and standards.
                  • Identify and analyze new and emerging requirements for policy impacts.
                  • Provide feedback on all GRC policies and guidance.
                  • Provide timely responses to OpDivs requesting HVA/risk-related information in the SRM mailbox.
                  • Develop timelines, presentations, and memoranda, and perform other administrative duties as needed.
                  • Develop new policies, procedures, methodologies, frameworks, memoranda or standards.
                  • Provide expert consulting on cybersecurity strategic and operational matters towards integration with client Enterprise Risk Management (ERM) Program and Framework and working towards providing cybersecurity information to make holistic, enterprise-wide risk-based decisions.

                  Required Qualifications:

                  • 8 years of relevant experience and skills including experience supporting a High Value Asset Program.
                  • Prior experience supporting government security programs.
                  • Strong project management or project coordination experience (ex: defining scope, setting project timelines and milestones, driving deliverables, identifying risks, managing issues, and client relationship management).
                  • Must be able to multi-task and prioritize workload while not becoming inundated with unnecessary details.
                  • Strong attention to detail.
                  • Ability to schedule meetings, manage group mailbox and calendar, and craft outbound correspondence for OpDivs and Client (with Lead input).
                  • Ability to identify risks, gaps, and deficiencies within organization processes.
                  • Experience developing and maintaining Corrective Action Plans and Standard Operating Procedures (SOPs).
                  • Excellent communication and interpersonal skills; this role interfaces with various stakeholders.

                  Desired Qualifications:

                  • Proficiency in Excel, Visio, and graphic design tools.
                  • Data call management experience.
                  • Understanding of FISMA compliance requirements and reporting.
                  • Graphic design capability.
                  • Familiarity with OMB Max.

                  Certification Requirement: Industry standard cybersecurity certification, e.g. Security+, preferred.

                  Education Requirement: Bachelor’s degree in Computer Science, Information Systems, Engineering or related field, or equivalent experience (+2 years).

                  Clearance Requirement: Ability to obtain and maintain a Public Trust.
