About ITnova:  

ITnova is an engineering and information technology (IT) consulting firm. ITnova specializes in the System Development Life Cycle (SDLC), in particular, project management, business analysis, business re-engineering, quality assurance, testing and IT integration for the U.S. local, state and federal government. ITnova’s approach of using proven methodologies, techniques and metrics allows ITnova to ensure project quality for key activities and milestones. ITnova is an Equal Opportunity Employer (EOE).  

Benefits:  

• Medical benefits 
• 401k 
• Paid-time-off and  
• Training reimbursement. 

Education: Bachelor’s or higher degree in Information Technology, Cybersecurity, Computer Science, or a related field. Required CISSP certification, with a strong preference for candidates who also hold NIST Cybersecurity Framework (NCSF), or other relevant certifications.

General Experience: At least 6 years of experience in cybersecurity, with a significant portion dedicated to roles that specifically involve the application of the NIST SP 800 series framework within state or federal agencies.

Duties:

• Develop, implement, and manage security measures and controls in alignment with the NIST SP 800 series framework, ensuring comprehensive protection of IT assets and sensitive data within state or federal agencies.
• Work collaboratively with agency stakeholders to identify and assess specific security requirements, ensuring that security strategies effectively mitigate risks while complying with NIST guidelines.
• Lead the integration of NIST SP 800 framework principles into all aspects of IT security, from system design and development to operational processes and incident response.
• Conduct detailed risk assessments and security evaluations against the NIST SP 800 standards to identify vulnerabilities and gaps in security posture, recommending and implementing enhancements to mitigate risks.
• Facilitate training and awareness sessions for agency personnel, focusing on the importance of compliance with the NIST SP 800 series and promoting a culture of cybersecurity awareness and best practices.
• Serve as a cybersecurity expert within the agency, providing guidance on the interpretation and implementation of NIST SP 800 series guidelines and supporting the resolution of security incidents in accordance with these standards.