Cyber Security Risk Lead

Primary Responsibilities:

• Lead cybersecurity risk management for VA corporate IT systems, identifying, assessing, and prioritizing risks across legacy and DevSecOps environments (e.g., AWS, Azure).
• Develop and implement risk mitigation strategies, ensuring compliance with VA security standards (e.g., FISMA, NIST 800-53, FIPS 140-2, HIPAA) and VA Handbook 6500.
• Conduct regular security assessments, vulnerability scans, and penetration testing, collaborating with DevOps and Cloud Engineers to harden systems and CI/CD pipelines.
• Oversee the integration of security controls (e.g., encryption, access management, monitoring) into development and deployment processes, aligning with Agile delivery cycles.
• Serve as the primary point of contact for VA stakeholders, including the Information Security Officer (ISO) and Contracting Officer’s Representative (COR), on cybersecurity risk and compliance matters.
• Utilize VA-approved tools (e.g., Jira, GitHub, ServiceNow) to document risk assessments, track remediation efforts, and contribute to Biweekly Status Reports on security posture and incidents.
• Ensure alignment with the VIP Lean-Agile framework by embedding security practices into Agile ceremonies (e.g., sprint planning, retrospectives) and supporting incremental delivery.
• Coordinate with Solution Leads and Data Architects to secure data migrations, cloud deployments, and enterprise asset management systems (e.g., IBM Maximo).
• Monitor emerging threats and regulatory changes, advising on the adoption of technologies like AI-driven security analytics to enhance VA OIT’s cybersecurity resilience.
• Mentor team members on cybersecurity best practices, risk management frameworks, and federal compliance, contributing to Trilogy’s staff development and technical excellence initiatives.
• Manage incident response planning and execution, ensuring rapid resolution of security breaches and minimal impact on VA operations.
• Drive exceptional customer satisfaction by delivering proactive, Veteran-centric cybersecurity solutions that safeguard VA systems and data.

Minimum Requirements:

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
• One of the following certifications required: CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or GIAC Security Leadership Certification (GSLC).
• 8+ years of experience in cybersecurity, risk management, or a related leadership role, with a focus on federal or VA IT environments.
• Proven expertise in risk assessment, security compliance, and mitigation strategies, with hands-on experience using tools like Nessus, Qualys, Splunk, or Tenable.
• Strong leadership and analytical skills, with the ability to manage complex security challenges in a dynamic, fast-paced environment.
• Familiarity with VA security standards (e.g., FISMA, NIST, HIPAA) and the VIP Lean-Agile framework is highly desirable.
• Proficiency in MS Office Applications (Word, Excel, PowerPoint, Visio, SharePoint) and VA-approved tools (e.g., Jira, GitHub, ServiceNow).
• Ability to adapt to evolving security threats and travel occasionally to VA sites in Washington, D.C., as needed.
• Ability to obtain a Public Trust Clearance

Preferred Qualifications:

• Master’s preferred
• Additional certifications such as CEH (Certified Ethical Hacker) or CRISC (Certified in Risk and Information Systems Control) preferred.

Benefits (including but not limited to):

• Health, dental, and vision plans
• Optional FSA
• Paid parental leave
• Safe Harbor 401(k) with employer contributions 100% vested from day 1
• Paid time off and 11 paid holidays
• No cost group term life/ADD plan, and optional supplemental coverage
• Pet insurance
• Monthly phone and internet stipend
• Tuition and training reimbursement