What are the responsibilities and job description for the IT Security Compliance Analyst position at Amtex Systems Inc.?
Role: Information Cloud Compliance Analyst
Project Length: 9 months
Location: Hybrid/Remote – 1 day on-site in Bethesda (Monday) and 4 days remote
Responsibilities:
The IT Security Compliance Analyst will provide cyber security and information system security management services to internal and external customers in support of network and information security systems. He/she will ensure that information security policies, requirements, and procedures are developed, implemented, and embedded in the organization's business processes. The analyst reviews documentation and other information obtained from the customer against accepted guidelines such as the NIST Risk Management Framework (RMF).
Required Skills and Job Duties:
- 7 years of security compliance experience
- Performing process and system evaluations (assessments) to ensure compliance with established policies, processes, procedures, and applicable standards
- Access control assessment experience, including handling the challenges that arise when assessing a control, remediating a POA&M item for that control, and assessing or closing out the resulting findings
- Experience with GRC and assessment tooling such as CSAM, Tenable Nessus, Xacta, ServiceNow, ArcSight, eMASS, or RiskVision (Governance, Risk and Compliance); at least one is required
- Validating security control assessments results; strong documentation skills required
- Performing a variety of technical and administrative activities related to the function of QA (auditing), including, but not limited to, scheduling, checklist development, report writing, facilitating root cause/lessons learned analysis, and internal/external presentations
- Providing assessment and authorization (A&A) management support by guiding the development of all documentation needed to complete the A&A process, including system security plans, contingency plans, and other associated documentation
- Conducting complex vulnerability assessments, including developing risk mitigation strategies with the customer and adjudicating findings based on the vulnerabilities, threats, and risk identified during the assessment
- Reviewing system configurations and scan tool results to determine system compliance and reporting the results
- Compiling, analyzing, and reporting on findings of non-compliance and providing recommendations for improvement
- Capturing and maintaining plans of action and milestones on findings of non-compliance
- Tracking and escalating unresolved non-compliance issues and corrective and preventative action plans to closure
- Validating cyber security tests and assessments are conducted in accordance with established policies and procedures
- Presenting information formally and informally in group and individual settings
- Experience with NIST SP 800-53, Risk Management Framework (RMF), and security assessment tools
- Demonstrated knowledge and/or experience with Operating System, Virtualization, and Networking technologies
- Bachelor's Degree in a related field with appropriate background and knowledge of current industry technologies and standards for enterprise networks. Prior experience in information security/information assurance roles (e.g., implementing and managing FISMA, FedRAMP, DoDI 8500.2, HIPAA, or PCI requirements) may be substituted for the education requirement