Cyber Security Risk Lead

Primary Responsibilities:

• Lead cybersecurity risk management for VA corporate IT systems, identifying, assessing, and prioritizing risks across legacy and DevSecOps environments (e.g., AWS, Azure). 
• Develop and implement risk mitigation strategies, ensuring compliance with VA security standards (e.g., FISMA, NIST 800-53, FIPS 140-2, HIPAA) and VA Handbook 6500. 
• Conduct regular security assessments, vulnerability scans, and penetration testing, collaborating with DevOps and Cloud Engineers to harden systems and CI/CD pipelines. 
• Oversee the integration of security controls (e.g., encryption, access management, monitoring) into development and deployment processes, aligning with Agile delivery cycles. 
• Serve as the primary point of contact for VA stakeholders, including the Information Security Officer (ISO) and Contracting Officer’s Representative (COR), on cybersecurity risk and compliance matters. 
• Utilize VA-approved tools (e.g., Jira, GitHub, ServiceNow) to document risk assessments, track remediation efforts, and contribute to Biweekly Status Reports on security posture and incidents. 
• Ensure alignment with the VIP Lean-Agile framework by embedding security practices into Agile ceremonies (e.g., sprint planning, retrospectives) and supporting incremental delivery. 
• Coordinate with Solution Leads and Data Architects to secure data migrations, cloud deployments, and enterprise asset management systems (e.g., IBM Maximo). 
• Monitor emerging threats and regulatory changes, advising on the adoption of technologies like AI-driven security analytics to enhance VA OIT’s cybersecurity resilience. 
• Mentor team members on cybersecurity best practices, risk management frameworks, and federal compliance, contributing to Trilogy’s staff development and technical excellence initiatives. 
• Manage incident response planning and execution, ensuring rapid resolution of security breaches and minimal impact on VA operations. 
• Drive exceptional customer satisfaction by delivering proactive, Veteran-centric cybersecurity solutions that safeguard VA systems and data. 

Minimum Requirements:

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field. 
• One of the following certifications required: CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or GIAC Security Leadership Certification (GSLC). 
• 8+ years of experience in cybersecurity, risk management, or a related leadership role, with a focus on federal or VA IT environments. 
• Proven expertise in risk assessment, security compliance, and mitigation strategies, with hands-on experience using tools like Nessus, Qualys, Splunk, or Tenable. 
• Strong leadership and analytical skills, with the ability to manage complex security challenges in a dynamic, fast-paced environment. 
• Familiarity with VA security standards (e.g., FISMA, NIST, HIPAA) and the VIP Lean-Agile framework is highly desirable. 
• Proficiency in MS Office Applications (Word, Excel, PowerPoint, Visio, SharePoint) and VA-approved tools (e.g., Jira, GitHub, ServiceNow). 
• Ability to adapt to evolving security threats and travel occasionally to VA sites in Washington, D.C., as needed. 
• Ability to obtain a Public Trust Clearance

Preferred Qualifications:

• Master’s preferred
• Additional certifications such as CEH (Certified Ethical Hacker) or CRISC (Certified in Risk and Information Systems Control) preferred.

Benefits (including but not limited to):

• Health, dental, and vision plans
• Optional FSA
• Paid parental leave
• Safe Harbor 401(k) with employer contributions 100% vested from day 1
• Paid time off and 11 paid holidays
• No cost group term life/AD&D plan, and optional supplemental coverage
• Pet insurance
• Monthly phone and internet stipend
• Tuition and training reimbursement