Execute the VA Enterprise Risk Analysis process using a custom ERA tool to identify key cyber security risk factors in network connected medical devices and Special Purpose Systems
Summarize, evaluate, and report risk factors using quantitative and qualitative scores for awareness of residual cyber risk
Acquire, review and leverage system documentation and data gathered through questionnaires and interviews
Document critical security posture elements in a common reporting format
Perform annual reviews to support effective continuous monitoring
Collaborate with Federal and contractor team mates for best outcomes in the ERA process
Requirements
Experience with Cybersecurity, risk management, or risk assessment for complex systems
Experience with NIST SP 800-53 and NIST SP 800-30
Experience with documenting and depicting network topology and network protocols
Ability to engage directly with clients, and third parties to facilitate enterprise risk analysis
Ability to obtain and maintain a Public Trust or Suitability/Fitness determination based on client requirements
Bachelor’s degree in Computer Science, Mathematics, Engineering or technical discipline and 10 years of relevant work experience or 18 years of relevant work experience in lieu of degree