Summary description:
In this course, students focus on the critical domains of the Certified Information Systems Auditor (CISA) and Certified in Risk and Information Systems Control (CRISC) frameworks, with a special emphasis on audit and assessment functions. Students develop a deeper understanding of cyber audit and risk assessment by combining review, analysis, and practical application.

Components of this course include:

• Review and Analysis of CISA and CRISC Domains: You will engage in an in-depth review and critical analysis of selected domains within the CISA and CRISC frameworks, focusing particularly on those related to audit and assessment. This will equip you with a comprehensive understanding of the standards, methodologies, and best practices these frameworks advocate.
• Application through Case Studies: Leveraging your domain knowledge, you will tackle case study tasks that simulate real-world audit and assessment scenarios. These practical exercises are designed to challenge your understanding and application of CISA and CRISC principles, honing your skills in identifying, assessing, and mitigating information system risks.
• Preparation for CISA Certification: Alongside the practical and analytical aspects of the course, you will be systematically prepared for the CISA Certification exam. This preparation includes understanding the exam structure, mastering the content areas, and applying test-taking strategies to enable you to pass the CISA exam on your first attempt.

Upon completion of this course, you will have:

• Developed a deep understanding of key audit and assessment domains within the CISA and CRISC frameworks.
• Applied your knowledge through practical case studies, enhancing your skills in real-world audit and assessment tasks.
• Prepared thoroughly for the CISA Certification, positioning yourself as a competent information systems auditor ready to contribute effectively to the governance, risk management, and protection of information assets.

You will utilize the theoretical foundation and practical experience employed by this course as an essential steppingstone for specializing in information systems audit and risk management.

Job description:
Paragone Solutions is seeking an Information Systems Security Manager/Developer to provide information technology security excellence in support of the Food, Nutrition and Consumer Services (FNCS). The qualified candidate will be responsible for the cybersecurity of a program, organization, system, or enclave. They will design, develop, test, and evaluate information system security throughout the systems development life cycle. This position will be primarily onsite, Monday-Friday during core hours (7:30am-6:00pm) in Alexandria, VA; occasional remote work will be authorized (e.g., inclement weather).

This position is contingent upon contract award. A letter of commitment must be submitted along with the candidate's resume.

Responsibilities Include:

• Analyze design constraints, trade-offs, and system/security design considering life cycle support.
• Apply security policies to interfacing applications, assess cybersecurity measures, threats, and vulnerabilities, and develop security risk profiles.
• Build, test, modify prototypes, and conduct Privacy Impact Assessments (PIAs) for PII protection.
• Design and develop cybersecurity products, hardware, OS, software, and ensure data backup capabilities.
• Develop and direct system testing, validation procedures, and security design documentation.
• Create Disaster Recovery and Continuity of Operations plans and test before production.
• Develop risk mitigation strategies, countermeasures, and security solutions for systems/applications.
• Identify, allocate, and describe security functions and remediate technical problems.
• Prioritize essential system functions for recovery, assess cybersecurity products, and implement security designs.
• Perform risk analysis for major changes, provide implementation guidelines, and input into Risk Management Framework activities and documentation.
• Store, retrieve, and manipulate data for system analysis, support security testing, and use models to predict system performance.
• Design key management functions, analyze user needs for system security development, and document cybersecurity activities.
• Integrate SDLC methodologies, employ configuration management processes, design, implement, test, and evaluate secure interfaces, and update system security measures.
• Address security requirements, develop mitigation strategies for risks, perform security risk assessments, conduct security reviews, and identify architecture gaps.
• Provide input to implementation plans, trace system requirements to design components, and verify system architecture stability and scalability.
• Acquire and manage resources for IT security goals, enterprise continuity, and compliance activities.
• Advise senior management on risk levels, security posture, cost/benefit analysis, and changes affecting cybersecurity.
• Collect, maintain, and communicate cybersecurity data and its value throughout the organization.
• Collaborate on enterprise continuity strategies and ensure cybersecurity requirements are integrated.
• Evaluate, validate, and implement security improvements, inspections, tests, and reviews.
• Establish and maintain enterprise information security architecture and monitor its effectiveness.
• Develop and direct security testing, validation, and risk mitigation strategies.
• Identify and prioritize security functions, strategies, and alternative solutions.
• Interface with external organizations to disseminate incident and cybersecurity information.
• Lead IT security alignment with strategy, manage budgets, staffing, and training programs.
• Monitor and evaluate cybersecurity safeguards, threat analysis, and incident response.
• Oversee and provide input on security training, risk assessments, policy standards, and procurement processes.
• Track audit findings, ensure mitigation actions, and compliance with guidelines and laws.
• Support and manage security requirements in acquisitions, procurement, and system life cycle.
• Promote security awareness and ensure IT policies reflect the organization's mission and goals.

Qualifications:

• Recent experience supporting information security or cybersecurity projects for the Federal government or USDA is preferred.
• Demonstration of strong leadership and management experience.
• Experience in cloud security and guiding the secure implementation of cloud solutions is required.
• Recent experience in supporting the secure implementation of cloud native and emerging technologies (artificial intelligence, robotic process automation, etc.) is preferred.

Requirements:

• A bachelor’s degree in cybersecurity, information technology or a related field from an accredited college/university is required.

Required Certifications include one or more of the following:

• Certified Information Systems Security Professional (CISSP)
• Certified Information Systems Auditor (CISA)
• Certified in Governance, Risk and Compliance (CGRC)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Security Manager (CISM)
• Certification(s) in Splunk Enterprise, Tenable vulnerability management and Tanium.

CISA Fees: $4150
Scholarship: $2766.67
Grant: $1,383.33
Fees cover: Tuition, materials, labs, certification exam, and cyber career tools