×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Information Security IT Consultant

Common Control Governance SME

Job in Washington, District of Columbia, 20022, USA
Listing for: ECS
Full Time position
Listed on 2026-01-26
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, IT Consultant
Salary/Wage Range or Industry Benchmark: 160000 - 175000 USD Yearly USD 160000.00 175000.00 YEAR
Job Description & How to Apply Below

Overview

ECS is seeking a Common Control Governance SME to work in our Washington, DC office.

Position Responsibilities
  • Be a driver of holistic and enterprise-scale changes in cyber-security programs within large Federal clients. Act as a “disruptor to the status-quo” to drive needed changes to cybersecurity and common control governance to ensure that security and privacy best-practices and statutory and regulatory requirements are met in a holistic and cost-effective manner.
  • Provide consultation expertise at various levels with a large Federal agency to develop and maintain an enterprise-scale NIST RMF common control program that reacts quickly to changing regulatory and operational drivers, including emerging technical, operational and management risk-drivers.
  • Participate in Daily, Weekly, and Monthly status meetings with key Government personnel, at times on short notice, to ensure stakeholders are informed of program status and progress on various cyber initiatives. Provide an opportunity to set priorities, identify opportunities or concerns, and coordinate resolution of identified problems.
  • Develop program level security documentation, audit liaison activities, and compliance oversight activities to strengthen the enterprise-level security program and promote compliance with the Risk Management Framework (RMF).
  • Support the performance of independent security and privacy control assessments in support of Security Assessment & Authorization (SA&A).
  • Support the management and implementation of continuous monitoring solutions to increase the visibility and transparency of network activity.

Salary Range: $160,000 - $175,000

Benefits

General Description Of Benefits

Required Skills
  • 8+ years of cyber RMF consulting experience advising Cybersecurity programs in large federal organizations.
  • Experience managing NIST RMF common controls throughout their life cycle.
  • Experience producing, implementing, or advising on NIST RMF common control policy.
  • Strong interpersonal and human relations skills, including ability to communicate technical concepts to non-technical personnel.
  • Strong written, verbal, and presentation skills, including demonstrated ability to interact effectively with Senior Agency management and leadership.
  • Strong stakeholder management and engagement skills with staff at all levels, including ability to collaborate with people of varied technical backgrounds and management levels.
  • Advanced understanding of and experience with GRC tools, policy, procedures, and processes, including (but not limited to) FISMA audits and compliance, NIST, RMF, and recent Executive Orders.
  • Experience with NIST Risk Management Framework and Governance, Risk & Compliance (GRC) and cybersecurity capabilities/tools.
  • Strong familiarity with NIST Risk Management Framework at the subject matter expert level, particularly including SP 800-30,
    -37,
    -39,
    -137,
    -53, and
    -53A/B.
  • Ability to guide the development of enterprise-specific implementation guidance for agency management.
  • Ability to analyze and interpret Federal legislation, directives, Office of Management and Budget (OMB) mandates, and guidance provided by the National Institute of Standards and Technology (NIST) against existing information security and privacy policy to identify required updates.
  • Ability to conduct research on new and emerging information technologies and develop comprehensive information security and privacy policy, standards/guidelines, and procedures to facilitate the implementation of information security and privacy controls. Must have working knowledge of the Privacy Act of 1974 (as amended), the Federal Information Security Modernization Act (FISMA) of 2014.
Certifications/Licenses
  • A Bachelor's degree from an accredited college in systems engineering, computer science, computer engineering, information technology, management information systems or equivalent.
  • Combined 8+ years in cyber, IT or related fields.
  • At least one Cybersecurity or related certification. Preferred include:
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)
  • GIAC Security Essentials…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search