Job Specifications
Thank you for considering IT Concepts dba Kentro, where innovation drives opportunity and collaboration leads to success. Our dynamic community of experts is fully committed to advancing our customers' missions, fostering professional growth, and making a positive impact on our communities.
By joining our supportive community, you will find that Kentro is dedicated to your personal and professional development. Together, we can drive meaningful change, spark innovation, and achieve extraordinary milestones.
Kentro is seeking a highly skilled Cybersecurity High Value Asset (HVA)/Audit SME who serves as the primary subject-matter expert, responsible for managing the Department of Commerce HVA program and cybersecurity audit readiness, execution, and remediation activities across DOC Operating Units.
Responsibilities:
High Value Asset (HVA) Leadership
Lead the HVA program, ensuring accurate inventory, system categorization, and documentation.
Coordinate HVA assessments, schedules, and remediation activities with system owners and assessment teams.
Maintain HVA-related tools, reports, dashboards, and guidance documents.
Track HVA findings and provide visibility to OCRM, OCOS, and senior leadership.
Cybersecurity Audit Management
Lead planning, coordination, and tracking of all cybersecurity audits (FISMA, A-123, FMFIA, OIG, internal controls).
Maintain the cybersecurity audit risk register, tracking risks, remediation plans, and progress.
Prepare packaged responses, CAPs, audit artifacts, and closure documentation.
Develop or update audit playbooks, process documents, and guidance materials.
Risk, Compliance & Reporting
Monitor risks tied to HVAs and audit findings, providing updates to leadership.
Support development of risk summaries, dashboards, and program-level reporting.
Ensure alignment with NIST RMF, CSF, FISMA, OMB guidance, and DOC cybersecurity policies.
Stakeholder Engagement
Serve as the primary liaison between OCRM, OCOS, ESOC, Operating Units, auditors, and assessment teams.
Provide clear communication, status updates, and issue escalation as needed.
Develop concise briefings and summaries for leadership and audit stakeholders.
Location: Hybrid in Washington, DC
Salary Range: $150,000-160,000/annually. Factors influencing pay within this range include geography, market demand, skills, education, experience, and other qualifications of the successful candidate.
Requirements
Bachelor's degree in Cybersecurity, IT, Engineering, or related field (or equivalent experience).
8+ years supporting federal cybersecurity programs.
Deep understanding of NIST RMF, NIST CSF, FISMA, OMB A-130, A-123, FMFIA, DHS BOD 18-02, FedRAMP, and DOC cybersecurity policies.
Experience working with audit frameworks, internal control environments, and enterprise risk management.
Ability to interpret complex cybersecurity findings and translate them into actionable remediation strategies.
Strong analytical, documentation, and communication skills, including executive-level briefing development.
Demonstrated ability to work with cross-functional technical and non-technical stakeholders.
Experience managing high-visibility cybersecurity programs and maintaining compliance with federal mandates.
Preferred Qualifications
Experience with system assessments, audits, or continuous monitoring tools.
Experience performing risk assessments, audit coordination, or HVA program management.
Certifications such as CISSP, CISM, CISA, CRISC, or PMP.
Experience in federal cybersecurity environments.
Clearance:
Must be a U.S. citizen
Must be able to obtain and maintain Public Trust Clearance
Benefits
The Company
We believe in generating success collaboratively, enabling long-term mission success, and building trust for the next challenge. With you as our partner, let's solve challenges, think innovatively, and maximize impact. As a valued member of our team, you have the unique opportunity to work in a diverse range of technology and business career paths, all while supporting our nation and delivering innovative technology solutions. We are a close community of experts that pride ourselves on creating an environment defined by teamwork, dedication, and excellence.
We hold three ISO certifications (27001:2013, 20000-1:2011, 9001:2015) and two CMMI ML 3 ratings (DEV and SVC).
Industry Recognition
Growth | Inc 5000's Fastest Growing Private Companies, DC Metro List Fastest Growing; Washington Business Journal: Fastest Growing Companies, Top Performing Small Technology Companies in Greater D.C.
Culture | Northern Virginia Technology Council Tech 100 Honoree; Virginia Best Place to Work; Washington Business Journal: Best Places to Work, Corporate Diversity Index Winner - Mid-Size Companies, Companies Owned by People of Color; Department of Labor's HireVets for our work helping veterans transition; SECAF Award of Excellence finalist; Victory Military Friendly Brand; Virginia Values Veterans (V3); Cystic Fibrosis Foundation