Contract Subject Matter Expert (SME) - Cybersecurity Risk Management (Remote)

About the Role

We are seeking a highly skilled Contract Subject Matter Expert (SME) in Cybersecurity Risk Management to join our team remotely. In this role, you will leverage your extensive knowledge and experience in cybersecurity frameworks, particularly the NIST Risk Management Framework (RMF), to guide organizations in managing their cybersecurity risks effectively. As a Contract SME, you will play a crucial role in enhancing our clients' security posture and ensuring compliance with relevant regulations.

What You'll Do

• Provide expert guidance on cybersecurity risk management practices and frameworks, including NIST RMF and FISMA.
• Conduct security assessments and audits to identify vulnerabilities and recommend remediation strategies.
• Develop and implement security policies and procedures to enhance organizational security.
• Assist in the authorization and accreditation (A&A) process for information systems.
• Collaborate with cross-functional teams to ensure security measures are integrated into the software development lifecycle.
• Utilize tools such as Splunk and static application security testing (SAST) to analyze security data and improve incident response capabilities.
• Provide training and support to staff on cybersecurity best practices and compliance requirements.
• Stay updated on the latest cybersecurity trends, threats, and technologies to provide informed recommendations.

Requirements

• Minimum of 5 years of experience in cybersecurity risk management, with a focus on NIST RMF and FISMA.
• Proven track record of conducting security assessments and developing security policies.
• Strong knowledge of incident response, vulnerability management, and cloud cybersecurity, particularly in AWS GovCloud environments.
• Experience with security operations and infrastructure defense.
• Excellent communication skills, with the ability to convey complex security concepts to non-technical stakeholders.
• Relevant certifications such as CISSP, CISM, or CISA are highly desirable.
• Ability to work independently and manage multiple projects simultaneously.

Nice to Have

• Experience in educational technology or manufacturing workforce development.
• Familiarity with UNIX/Linux systems and security tools.
• Knowledge of security compliance frameworks beyond NIST.

What We Offer

• Competitive compensation based on successful completion of assessments.
• Flexible work hours and the ability to work from anywhere.
• Opportunities for professional development and continuous learning.
• Collaborative and supportive team environment.
• Access to the latest cybersecurity tools and technologies.