United States onlyphia is hiring a Cyber Risk Management Analyst (C-SCRM) to provide strategic policy and operations best practices guidance for a federal cyber supply chain risk (C-SCRM) management program. This is a remote position. U.S. Citizenship is required with the ability to achieve public trust and agency suitability.
What You'll Do
- Provide subject matter expertise on cybersecurity and vulnerability policies, best practices, guidance, and process improvement recommendations.
- Review and understand policy documents such as Executive Orders, laws and regulations, industry standards, agency directives, guidelines, and procedures.
- Analyze the impact of policies concerning the C-SCRM program, CISA, DHS, or other external stakeholders.
- Provide feedback and recommended solutions for policy initiatives, program objectives, project plans, presentations or briefing slides, and other documents.
- Analyze and map authorities from policy documents to the current activities and plans of the C-SCRM program.
- Draft or edit informational articles, white papers, recommendations, or policy reviews for various audiences.
- Draft workflows or standard operating procedures (SOPs) for C-SCRM.
- Perform analysis as requested by team leads or across teams.
- Perform user testing and validation on C-SCRM databases and platforms.
- Organize and archive program documents using various platforms such as Teams or SharePoint.
- Engage stakeholders at different levels within the team, organization, and external entities and partners.
- Produce high-quality whitepapers, presentations, briefings, and executive summaries to be used by Senior U.S. Government officials
- Assists in the development and maintenance of analytical procedures and processes in support of changing operational requirements.
Education + Requirements
- Bachelor's OR master’s degree in computer science, Information Systems, or another related field. And 8 years of professional experience, or equivalent experience/combined education.
- Understanding how cybersecurity incidents and malicious campaigns unfold and their potential impact on the cyber supply chain.
- Familiarity with MITRE ATT&CK
- Familiarity with policies, procedures, standards, and guidelines, including NIST SP 800 series, Cybersecurity Framework, FISMA, and other audit and assessment policies.
- Technical writing experience.
Security Clearance
- U.S. Citizenship
- Ability to obtain and maintain a federal Public Trust
- DHS suitability (EOD) required before start
Preferred Certifications
- Certified Information System Security Professional (CISSP)
- Project Management Professional (PMP)
Who You Are A proactive problem solver that appreciates the challenges of working in a fast-paced, dynamic environment.Intellectually curious with a genuine desire to learn and advance your career.An effective communicator, both verbally and in writing.Customer service-oriented and mission-focused.Critical thinker with excellent problem-solving skills If your experience and qualifications aren’t a match for this position, you will remain in our database for consideration for future opportunities that may be a better fit.
Who We Arephia, LLC is a Northern Virginia-based, small business established in 2011 with a focus on Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, and Information Assurance/Security. we proudly support various agencies and offices within the Department of Defense (DoD), Federal government, and private/commercial entities.phia values work-life balance and offers the following benefits to full-time employees: Comprehensive medical insurance to include dental and visionShort Term & Long-Term Disability 401k Retirement Savings Plan with Company MatchTuition and Professional Development Assistance Flex Spending Accounts (FSA)
phia does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity, or any other reason prohibited by law in the provision of employment opportunities and benefits.
