IT Security Analyst

Our client is seeking an accomplished IT Security Analyst on a hybrid 24 month renewable contract opportunity in Luray, VA.

#of positions: 2

Role – IT Security Analyst

Job Description

Using the NIST Risk Management Framework (RMF) to conduct assessments of Information security controls in order to measure the effectiveness of controls and identify control gaps

• Ensure compliance to guidance, standards and regulations such as NIST Special Publications, FIPS, FedRAMP, and other federal regulations and policies
• Preparing Security Impact Assessments, Addendums, Security Authorization Packages and including documentation such as Authorization Official Out-briefs, Security Authorization Recommendations and Security Authorizations
  
  

Memorandums

• Identify, assess, and prioritize identified risks
• Collect evidence, artifacts, and document findings to support conclusions
• Report on compliance with internal policies, controls, and standards Provide recommendations for remediation of identified deficiencies
• Track and report on Plans of Action and Milestones (POAMs) (i.e., findings/deficiencies to closure)
• Coordinate third-party risk assessments and IT audits
• Manage remediation efforts and report on the status of control deficiencies
• Support security initiatives and global policy adherence and awareness efforts
• Support global information security metrics and reporting program(s)
• Provide security expertise to business units and key stakeholders
• Enforce policy adherence and manage formal policy exception requests
  
  

Provide timely status updates/reporting on assessments and assigned projects

Required/Desired Experience

i.A Bachelor degree in Computer Science or a related engineering field with training in information security

ii. 10 years’ experience in Information Security

iii. 5 years’ experience building and managing Windows server platforms

i. Thorough knowledge of NIST 800 Special Publications, Federal Information Processing

ii. Expertise the NIST Risk Management Framework to generate and maintain SA&A documentation to include System Security Plans, Security Assessments Reports, and Risk Assessments for internal and cloud-based systems (ie., FedRAMP)

iii. Experience using security scanners (e.g. Nessus, Nexpose, etc) and remediating vulnerabilities

About Vector

Vector Consulting, Inc., (Headquartered in Atlanta) is an IT Talent Acquisition Solutions firm committed to delivering results. Since our founding in 1990, we have been partnering with our customers, understanding their business, and developing solutions with a commitment to quality, reliability and value. Our continuing growth has been and continues to be built around successful relationships that are based on our organization's operating philosophy and commitment to ** People, Partnerships, Purpose and Performance - THE VECTOR WAY

www.vectorconsulting.com

“Celebrating 30 years of service”