The Cybersecurity Threat and Risk Engineer is responsible for performing advanced information technology and cybersecurity analysis and control work. The incumbent will provide technical writing, planning, coordination, and implementation of security policies and procedures to protect cybersecurity assets, and will deliver cybersecurity incident detection, incident response, fraudulent activity, threat assessment, cyber intelligence, software security, and vulnerability assessment services. This position will proactively work with the Cybersecurity team, IT staff, and agency employees.
The Cybersecurity Threat and Risk Architect performs highly advanced information technology and cybersecurity analysis and control work. The incumbent will provide technical writing, planning, coordination, and implementation of security policies and procedures to protect cybersecurity assets, and will deliver cybersecurity incident detection, incident response, threat assessment, cyber intelligence, software security, and vulnerability assessment services. This position will proactively work with the Cybersecurity team, IT staff, and agency employees.
Vacancy will be filled at one of two levels - Cybersecurity Threat and Risk Engineer OR Cybersecurity Threat and Risk Architect. Selected applicant will be offered the position that most closely matches their education and experience.
WHAT WILL YOU DO:
Cybersecurity Threat and Risk Engineer
Risk Management
Collaborates with stakeholders on the security risk assessment process to address security compliance and risk mitigation.
Ensures plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
Identifies and corrects potential company compliance gaps and/or areas of risk to ensure full compliance with security regulations.
Privacy
Collaborates with stakeholders on the privacy risk assessment process to address privacy compliance and risk mitigation.
Ensures that action plans, milestones, or remediation strategies are established to address vulnerabilities identified during risk assessments, audits, inspections, and similar evaluations.
Identifies and corrects potential company compliance gaps and/or areas of risk to ensure full compliance with privacy regulations.
Governance
Develops and drafts policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.
Establishes and maintains communication channels with stakeholders.
Training and Awareness
Provides fraud and cyber-related training to internal and external stakeholders.
Coordinates with internal and external subject matter experts to ensure existing standards reflect organizational functional requirements and meet industry standards.
Assists with research strategies and knowledge management.
Performs related work as assigned.
Cybersecurity Threat and Risk Architect
Risk Management
Establishes, develops, and coordinates a risk management program and methods to monitor and measure risk, compliance, and assurance efforts.
Ensures plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
Evaluates the effectiveness of procurement functions in addressing information security requirements and supply chain risks through procurement activities and recommends improvements.
Collaborates with legal counsel and management, key departments and committees to ensure the organization has and maintains appropriate privacy and confidentiality consent, authoriza