Cyber Security Risk Expert IV

Design, administer, and execute procedures for the identification, assessment, documentation, and communication of risks that could compromise data and operations stemming from weaknesses in technology platforms, solution architectures, governance processes, and security capabilities, against industry standards and best practices. Provide recommendations to improve and sustain the security of the enterprise's data and operations and document the organizational risk response plan (accept, mitigate, transfer, or avoid). Monitor, report on, and validate, the status and efficacy of risk mitigation, transfer, or avoidance plans.

Task Description And/or Any Specific Requirements

• Demonstrate expert-level knowledge and proficiency with ServiceNow (SNow) Vulnerability Response (VR) and generally associated modules, including but not limited to the following skills, abilities and knowledge:
• General: Deep understanding of SNow platform's core functionalities and components, including forms, MID servers, tables, dashboards and access control lists (ACLs)
• Scripting: Proficiency in rules and scripting (e.g., JavaScript), adequate to develop, test and deploy
• Integrations: Proficiency to develop and troubleshoot VR integrations, including knowledge of APIs and service graph connectors
• Dashboarding: Proficiency in designing and developing VR-focused dashboards and reports
• Design and administer procedures within the organization to sustain the security of the organization's data and access to its technology and communication systems
• Assess the risk of exposure of proprietary data through weaknesses in platforms, access procedures and forms of access, to the organization's systems and data contained within
• Ability to review, collate, understand and present data, from various sources, to meet the remediation needs and expectations of the organization
• Knowledge of automation coding, to automate data extrapolation, organization and dissemination, to meet the needs of the organization
• Ability to review, investigate and assign cybersecurity vulnerabilities, for a variety of applications, systems and hardware, including cloud computing
• Manage several projects/initiatives of various sizes, complexities and risks
• Demonstrated proficiency in successfully evaluating and supporting documentation, validation and remediation processes required to ensure new and existing information technology (IT) systems meet the organization's vulnerability remediation expectations and requirements
• Demonstrated ability to review and understand security blueprints, principles, models, designs, standards, and guidelines to ensure enterprise cybersecurity remediation support is consistent and beneficial to the organization
• Experience with vulnerability remediation and remediation processes and efforts, as well as remediation tools
• Ability to serve as subject matter expert (SME) for the VRM process, including providing guidance to stakeholders, business units and new CISO resources, as necessary
• Strong organizational skills and ability to build and maintain schedules and step-by-step action plans
• Effective communication and collaboration skills to work with cross-functional teams, business units, stakeholders and IT professionals, and to conduct presentations to varying audiences and technical knowledge levels.
  
  

Experience/Education

• A minimum of thirteen (13) to twenty (20) years' relevant experience.
• A degree from an accredited College/University in the applicable field of services is preferred. four additional years of relevant experience in lieu of a college degree is required. If the indiviual's degree is not in the applicable field then four additional years of related experience is required.
• Works on high-visibility, or mission critical aspects of a given program, and performs all functional duties independently.
• Oversees the efforts of direct reporting resources and/or be responsible for the efforts of all staff assigned to a specific job.
• Note: Special credentials (licenses and/or certifications) may be required at the Task Order level on a case-specific basis.