We are seeking a Cybersecurity Subject Matter Expert specializing in FISMA compliance and reporting to support federal government programs. This role focuses on comprehensive cybersecurity program reporting and compliance with federal requirements. This position is located in Washington, DC.
Position Description:
The Cybersecurity SME will lead the development and submission of federal cybersecurity reports and metrics, ensuring compliance with OMB, CISA, and Congressional requirements.
Key responsibilities include:
- Manage FISMA reporting processes and data collection
- Develop and submit quarterly and annual CIO FISMA metrics
- Monitor and respond to Executive Orders and White House cybersecurity directives
- Track and report on CISA Binding Operational Directives and Emergency Directives
- Ensure compliance with FedRAMP requirements
- Conduct system security assessments and documentation
- Perform data analysis and create comprehensive reports
- Interface with key stakeholders across organizational levels
- Develop and review security documentation
- Map technical requirements to security controls
- Maintain reporting accuracy and consistency across platforms
Required Education and Experience:
- Master's degree in Cybersecurity, Information Technology, or related field, OR 8+ years of experience in cybersecurity compliance and reporting
- Extensive experience with FISMA requirements and reporting
- Background in federal cybersecurity programs
Required Skills and Competencies:
- Expert knowledge of FISMA requirements and metrics
- Strong understanding of NIST frameworks and controls
- Experience with federal reporting systems (e.g., Cyberscope)
- Expertise in security assessment and authorization
- Strong data analysis and interpretation skills
- Excellence in technical writing and documentation
- Experience with risk assessment and management
- Knowledge of federal security requirements and directives
- Ability to translate complex technical information
- Strong project management capabilities
- Experience in stakeholder engagement
- Proficiency in data collection and analysis tools
Desired Skills and Competencies:
- Security certifications (CISSP, CISM, CAP)
- Experience with automation of compliance reporting
- Knowledge of emerging cybersecurity trends
- Background in federal IT governance
- Experience with security control assessment
- Expertise in vulnerability management
- Understanding of cloud security requirements
- Knowledge of privacy requirements and controls
- Experience with security documentation systems
- Familiarity with continuous monitoring programs
- Strong presentation and briefing skills