About us:
Gen3 Technology Consulting is an SBA-certified Woman-Owned Small Business (WOSB) providing a diverse set of technology services and solutions to federal and commercial clients. Founded in 2017, Gen3 leverages over 25 years of information technology management and leadership experience to help our clients define, plan, manage, and achieve their strategic vision while protecting their critical IT assets. We attract and retain the highest caliber of talent by supporting an inclusive work environment, cultivating growth and leadership both professionally and personally, and encouraging work-life balance. We strive to make it our priority to be compassionate, family-friendly, respectful, and flexible.
Gen3’s Joint Ventures, Pivotal Impact (JV with Caldwich) and VetCentric (JV with PingWind) expand our team’s knowledge and expertise as we pool resources to bring federal agencies strong technical, program management, and cyber security solutions, derived by a disciplined management consulting approach.
About the role:
The Enterprise Risk Analyst (ERA) role executes the VA Enterprise Risk Analysis process using a custom ERA tool to identify key cyber security risk factors in network-connected medical devices and Special Purpose Systems (e.g., building automation systems, physical security systems, operational technology). These risk factors are summarized, evaluated, and reported using quantitative and qualitative scores to provide a VA authorizing official with awareness of the residual cyber risk prior to connecting these devices to the VA network.
Location: Remote, U.S. Candidates residing in an SBA HUBZone are preferred.
What you'll do:
- The ERA Analyst must acquire, review, and leverage system documentation and data gathered through questionnaires and interviews with customers in the field and vendor/manufacturer representatives to accurately document critical security posture elements in a common reporting format. These elements include hardware/software inventory, communications profile, system interconnections, data types and stores, and the presence or lack of security controls, settings, and mechanisms for a given device type.
- The analyst works within the Specialized Device Security Division Risk Management team and is expected to collaborate with Federal and contractor teammates to achieve the best outcomes for the ERA process.
What you'll need:
- Bachelor's degree in computer science, engineering, or technology and 10 years of experience in a professional work environment, or 18 years of experience in a professional work environment in lieu of education.
- Experience with Cybersecurity, risk management, or risk assessment for complex systems.
- Experience with NIST SP 800-53 and NIST SP 800-30.
- Experience with documenting and depicting network topology and network protocols.
- Ability to engage directly with clients and third parties to facilitate enterprise risk analysis.
What's desired to have:
- Experience with cybersecurity analysis of medical technology or the Internet of Things (IoT).
- Experience with Governance, Risk, and Compliance (GRC).
- Experience with Assessment and Authorization (A&A) and eMASS.
- Experience with Excel and Visio.
- CompTIA Security+ or Certified Risk Management Professional (CRISC) or Certified in Risk and Information Systems Control (CRISC).
- Public Trust clearance.