IT Project Security Advisor

Axxum Technologies
Reston, VA, US
Full-time

Overview

The candidate for this position will be responsible for supporting risk analysis and consulting in support of the agency Information Technology (IT) Technical Review Board (TRB).

The TRB evaluates and supports IT projects at the Smithsonian by assessing project and technology risks, advising project stakeholders, and providing an appropriate review.

The incumbent will be integral to the TRB objectives of improving the overall level of project success and system quality and managing risk by performing applicable assessments such as IT Security, Privacy, PCI Compliance, Accessibility, and Technical Architecture.

Required Technical and Professional Expertise

5+ years of relevant security experience. Bachelor's in Computer Science, Information Security, Business, Management, Information Technology, or related field.

Previous security experience with a variety of security technologies. Understanding of the information security industry and the current threat landscape.

Preferred Qualifications

5+ years of relevant security experience. Bachelor's in Computer Science, Information Security, Business, Management, Information Technology, or related field. Previous security experience with a variety of security technologies.

Responsibilities

Advise and assist project teams with selecting, planning, and architecting IT systems and technologies to meet Smithsonian IT security requirements.

Educate project stakeholders about Smithsonian IT Security policies and standards that apply to their project. Assist project stakeholders with identifying relevant solutions that have already received IT security approval for use at the Smithsonian.

Identify, assess, and propose mitigation strategies for information security risks associated with proposed and in-progress IT projects.

Review proposed system architectures and make recommendations to enhance security and promote integration with SI standards.

Support and promote Technical Review Board processes. Advise and assist project teams with developing required IT security-related documentation needed for project approval.

Work with project teams and the Office of Contracts to ensure that appropriate requirements are included in any contracts associated with the IT projects.

Collaborate with management and TRB colleagues to develop appropriate procedures, templates, checklists, standards, and educational materials to facilitate the review and support of IT projects.

Provide training and presentations to educate Smithsonian personnel about IT Security services and requirements for IT projects.

Assist PCI Working Group with assessing projects and advising project stakeholders on Payment Card Industry (PCI) compliance.

Attain advanced working knowledge of Smithsonian mission/business needs and IT-related policies/standards and apply these to the tasks described above.

Collaborate and communicate effectively with project teams, IT personnel, TRB members, and other customers and stakeholders.

Develop effective working relationships with colleagues and project stakeholders.

Skills

The proposed full-time staff must have the following skills and knowledge:

Advanced knowledge of IT security principles, standards, and architectures, including the National Institute of Standards and Technology (NIST) guidelines, Center for Internet Security (CIS) standards, and other information security best practices obtained through work experience.

Experience identifying, assessing, and recommending mitigation strategies for a variety of information security risks. Strong technical background with a broad understanding of security solutions, network architectures and communications, operating systems, web platforms, databases, mobile devices, development platforms, and other technologies.

Excellent writing, interpersonal and communication skills. Must be able to effectively communicate with a variety of audiences in a broad range of formats to inform, collaborate, advise, and influence them.

Experience developing and maintaining system information security documentation, including but not limited to requirements, plans, architectures, assessments, agreements, recommendations, and reports.

Must exercise reasonable judgment and work with stakeholders to determine appropriate solutions that balance security and business needs.

Must be well-organized and detail-oriented with the ability to coordinate, prioritize multiple tasks, and be adaptable to change to accomplish assignments.

Must be able to concurrently support a variety of projects in different stages of the project lifecycle and TRB processes.

Ability to work both independently and collaboratively with teams. The contractor must be responsible and capable of working with minimal supervision to effectively achieve the goals stated above, but also work well with others.

Provide guidance to assist our customers in meeting the goals of their project without putting themselves and the Smithsonian Institution at an unacceptable level of risk.

Must have the ability to think outside of the NIST RMF process when assessing risks. Most of the projects are for minor systems (websites, mobile apps, kiosks, etc.) for which we do not do the RMF. If a system needs an actual ATO, another member of the team would assess controls during the RMF A&A process.

They should be able to recognize risks in a system and recommend common techniques for mitigating them. They need to think creatively and should also have a broad technical and security background (able to understand the concepts and architectures, but do not necessarily need a lot of hands-on experience).

Must be familiar with Supply-Chain Risk Management concepts and practices.

SALARY AND BENEFITS

The leadership of our Company believes in attracting and retaining exceptional talent committed to serving our clients.

We offer a generous benefits package including health insurance, paid vacation, disability, and life insurance, and more.

Please visit our Careers page for additional information. Salary and benefits information will be available to applicants, when and if an offer is made.

OUR COMMITMENT TO DIVERSITY, EQUITY, AND INCLUSION

The leadership of our Company is committed to a work culture of zealous advocacy, respect, diversity and inclusion, client-oriented defense, access to justice and excellent representation.

We are dedicated to building a strong professional relationship with each of our clients, to understanding their diverse circumstances, and to meeting their needs.

Our ability to achieve these goals depends on the efforts of all of us.

HOW TO APPLY

All applications must be completed online.

We do not accept paper submissions. Please visit our Careers Page to review all current job postings, and instructions on the application process.

As an Equal Employment Opportunity (EEO) Employer, Cycurion, Inc. and our Subsidiaries prohibit discriminatory employment actions against and treatment of its employees and applicants for employment based on actual or perceived race or color, size (including bone structure, body size, height, shape, and weight), religion or creed, alienage or citizenship status, sex (including pregnancy), national origin, age, sexual orientation, gender identity (one’s internal deeply-held sense of one’s gender which may be the same or different from one’s sex assigned at birth; one’s gender identity may be male, female, neither or both, e.g., non-binary), gender expression (the representation of gender as expressed through, for example, one’s name, choice of pronouns, clothing, haircut, behavior, voice, or body characteristics; gender expression may not be distinctively male or female and may not conform to traditional gender-based stereotypes assigned to specific gender identities), disability, marital status, relationship and family structure (including domestic partnerships, polyamorous families and individuals, chosen family, platonic co-parents, and multigenerational families), genetic information or predisposing genetic characteristics, military status, domestic violence victim status, arrest or pre-employment conviction record, credit history, unemployment status, caregiver status, salary history, or any other characteristic protected by law.
