• Subject Matter Expert III - Cyber Security Framework Lead

    Job Location
    # of Openings
    Security Clearance: Active Secret
    Percentage of Travel Required
    Regular Full-Time
  • Overview

    Agency executive leadership is becoming more interested in cyber and enterprise risk and would benefit from near real-time cybersecurity visibility aligned to the NIST Cybersecurity Framework (CSF). A formal mechanism to collect and report cybersecurity effectiveness to executive leadership is required. Bridge communications between the CIO’s office, the CISO’s office, the IT Operations and Information Assurance organizations to lead the creation of this capability.


    • Provide the technical expertise, guidance, and advice to assist USAID’s development and pilot of an approach for assessing enterprise security posture, including the 5 identified NIST CSF functions of Identify, Protect, Defend, Respond, and Recover
    • Perform a technical evaluation and support a solution to provide high-level Agency cyber security risk management and priority actions based on the NIST Cybersecurity Framework (CSF) v1.1.
    • Develop a metrics-based approach to the Agency’s security posture and project prioritization
    • Provide the technical expertise, guidance, and advice to assist the Agency’s development and pilot of an approach for assessing security controls, monitoring risks, and addressing the Agency's security-related cybersecurity activities such as:
      • Developing security assessment plans
      • Conducting security control assessment
      • Performing and updating risk assessment
      • Developing a monitoring strategy to Identify and Prioritize enterprise risk
      • Determining remediation actions for enterprise risks
      • Recommending updates to assessments based on remediation
      • Providing advice on the submission of authorization packages
      • Providing executive recommendations on whether or not to authorize a system
    • Support the Agency’s continuous risk assessment of fast-emerging technologies, such as cloud, mobile, and wireless


    • Education:
      • Undergraduate degree in management/computer information systems
      • Master’s Degree in Computer Systems Management preferred
    • Required Knowledge/Experience:
      • CISSP certification
      • Understanding of the NIST Cyber Security Framework
      • Demonstrable experience as a Subject Matter Expert (SME) to Federal Chief Information Security Officers and in NIST CSF strategy implementation at the enterprise level
      • Combination of 10 years’ information security education and experience
      • Writing management level technical communications
    • Preferred Knowledge/Experience:
      • Experience with executive-level information security programs
      • An understanding of federal CISO responsibilities, and experience in multiple roles, including:
        • Information System Security Officer (ISSO)
        • Incident Responder / Network Security Analyst
        • Compliance Analyst
        • Security Architect
        • Security Engineer
        • Security Control Assessor
        • IT Auditor
      • Experience managing complex stakeholder expectations
      • An understanding of the GSA FedRAMP program
      • DHS CyberScope reporting requirements
      • Familiarity with the DHS CDM Program requirements
      • CISM, CRISC or other security risk management certifications
      • Technical certifications in mobile, wireless and cloud

    Other Responsibilities

    • Perform other tasks consistent with the goals and objectives of the department/contract
    • Perform other duties as assigned by Sr Program Executive

    Invest in a company that invests in you! Copper River provides its employees with ample opportunities for career growth and development. Tuition reimbursement is offered to help employees further their education and skillset. Other perks include Open Leave, 401k matching with immediate vesting, Medical, Vision, and Dental coverage.


    EEO/AA Employer Minorities/Females/Vets/Disability


    Disclaimer: The above statements are intended to describe the general nature and level of work performed by employees assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.

