Cybersecurity Reporting Lead

Evolver Federal is seeking a Cybersecurity Reporting Lead to support its Federal client in Springfield VA in managing, maturing and implementing automation in support of the client's FISMA reporting requirements. The Lead is responsible for leading a team in executing data analysis & reporting for Federal Client and across its component organization to meet FISMA requirements. The Lead will also provide input into the design and implementation of future state GRC tools.

The successful candidate will have over 10 years' experience leading teams in support of enterprise level Cybersecurity Risk Management and Compliance Programs for large federal agencies and be a "hands on" leader, actively participating in the work required to support client reporting and data needs. We are seeking a confident professional with a consulting background who has led process improvement initiatives leveraging automation and has experience in data analytics having leveraged Excel, Power BI, Tableau, and/or Splunk to develop and present data visualizations. Previous experience leading teams in executing Assessment and Authorization (A&A) processes, overseeing FISMA compliance, and supporting Federal clients in implementing the NIST Cybersecurity Framework (CSF) and NIST Risk management Framework (RMF) will be instrumental in achieving success.

Responsibilities

• Employ agile methodology(ies) to plan, organize, assigned, report on and lead work in support of the client's FISMA Metrics reporting requirements.
• Oversee the end-to-end lifecycle of FISMA metrics reporting, ensuring accuracy, timeliness, and alignment with OMB and DHS requirements.
• Lead and execute data extraction, transformation, and analysis tasks.
• Generate trend reports, scorecards, and executive summaries.
• Design and implement GRC solutions, including creation and management of supporting workflows.
• Provide input to client's automation strategy including recommendations on tools, process improvements, and integration projects to facilitate efficiencies.
• Lead cross-functional teams in the collection, validation, and analysis of cybersecurity performance data.
• Design and maintain dashboards and visualizations to communicate trends and compliance status to executive leadership.
• Translate complex cybersecurity data into actionable insights for decision-makers.
• Ensure alignment of reporting processes with evolving federal mandates.
• Provide strategic input and recommendations for improving data quality, automation, and reporting efficiencies.
• Serve as the primary liaison between CISOD and DHS components for FISMA metrics coordination.
• Conduct training sessions and develop documentation to support consistent reporting practices across teams.

Basic Qualifications

• Bachelor's degree in Computer Science or related field
• 10+ years of experience in cybersecurity, including at least four years of specialized experience involving continuous monitoring.
• 10+ years' experience with NIST 800-37, experience that can span across a subset, or all, of the steps within the Risk Management Framework.
• 8+ years' project management experience to include leading cross-functional teams to support mission needs.
• 8 years' experience assessing security controls in accordance with NIST 800-53 in/ in support of the Federal Government to include evaluating and validating security control implementation.
• 5+ years of with NIST SP 800-53, 800-37, DHS 4300A/B
• 5+ years of experience with FISMA metrics and security compliance
• 3 + years' leveraging Agile Methodology in managing projects.
• 3+ years' experience as an Information System Security Office (ISSO) in/ in support of the Federal government, developing and maintaining comprehensive security documentation in support of the Risk Management Framework, including, but not limited to: System Security Plans (SSPs) (Sections 1 & 2), Contingency Plans (CPs), Contingency Plan Tests (CPTs), Privacy Impact Assessments (PIAs), and Privacy Threshold Analyses (PIA), and Business Impact Assessments (BIAs).
• 3+ years' experience designing and implementing GRC solutions with the ability to create and manage workflows.
• 2+ years' of experience with tools such as Excel, Power BI, Tableau, Splunk, or Elastic for dashboarding and visualization.
• 2+ years of experience with FISMA compliance tools and DHS FISMA Scorecard Metrics.
• 2+ years' experience managing POA&Ms from open to closure, including developing realistic mitigation plans aligning to realistic and achievable milestones.
• 2+ years' experience with developing and maintaining cybersecurity policies for Federal Agencies, specifically DHS.
• 2+ years' experience with FedRAMP with knowledge of compliance criteria.
• 2+ years' experience with CSAM.
• 2+ years' experience with SQL and scripting for the purposes of data automation and reporting.
• Familiarity with DHS Cybersecurity Acquisition Lifecycle Framework (ALF).
• 2 + years' experience in participating in and/or managing responses to external and internal audits sponsored by auditing entities such as OIG, GAO, OMB.
• 2 + years' experience with emerging technologies such as Machine Learning, AI, RPA, IoT/OT, etc. with ability to apply this experience to advise on recommended automation strategies to promote efficiencies in the client environment
• 2 + years' with DHS HQ or Component level
• Must have one of the following certifications: PMP, GISP, CISM, OR CISSP
• Must have active Secret Clearance

Preferred Qualifications

• Ability to schedule and lead meetings, including Working Groups and formal Governance Groups, with a diverse group of government and contractor stakeholders at various levels within the organization, including developing and maintaining agendas, meeting notes, and meeting records, including maintaining a repository of all meeting records.
• Ability to communicate clearly and effectively via written and verbal communication in both formal and informal situations.
• Ability to clearly communicate complex technical concepts to Information Technology Project Managers, ISSOs, Application Developers, and Security Compliance Analysts, as well as non-technical POCs such as Branch Chiefs and Business System Owners.
• Ability to adapt to frequent changes in priorities, follow project schedules, meet established deadlines, and proactively communicate risks and issues to the Contractor PM and/or Federal Leads.
• Possess good listening skills and the ability to detect explicit and implicit needs and wants of the client.
• Demonstrated ability to exercise good judgment, prioritize multiple tasks, and problem solve under pressure of deadlines and resource constraints
• Strong, self-aware leader with experience in building and maintaining positive, supportive, team cultures leading to the successful delivery and execution of quality deliverables in support of client mission needs.
• Possess strong analytical and critical thinking skills with the ability to apply them to the client/ contract workspace.
• Excellent organizational skills and attention to detail.
• Strong analytical, critical thinking, and problem-solving skills.
• Must have previous client-engagement experience.
• Excellent written and verbal communication for interacting with stakeholders, executives, and auditors.
• Experience with RegScale
• Previous experience assisting Federal clients in bringing automation into their environment to facilitate efficiencies preferred

Evolver Federal is an equal opportunity employer and welcomes all job seekers. It is the policy of Evolver Federal not to discriminate based on race, color, ancestry, religion, gender, age, national origin, gender identity or expression, sexual orientation, genetic factors, pregnancy, physical or mental disability, military/veteran status, or any other factor protected by law.

Actual salary will depend on factors such as skills, qualifications, experience, market and work location. Evolver Federal offers competitive benefits, including health, dental and vision insurance, 401(k), flexible spending account, and paid leave (including PTO and parental leave) in accordance with our applicable plans and policies.