Security Risk Solutions, Inc., a professional information security services company in Mt.
Pleasant, SC, seeks an Information Assurance (IA) Analyst capable of supporting various IA
domains within a Federal healthcare environment. The candidate for this position will possess in-
depth knowledge of applicable Federal law (e.g., FISMA, HIPAA), Department of Defense (DoD)
processes (e.g., Risk Management Framework), Federal Agency guidelines (e.g., NIST 800-53),
and related security control compliance measures. The candidate must be able to show direct
experience evaluating compliance against these measures via the Assessment and Authorization
(A&A) process. The candidate will further demonstrate hands-on experience identifying and
executing requisite compliance of operational, management, and technical control measures;
including use of tools such as Assured Compliance Assessment Solution (ACAS) and Enterprise
Mission Assurance Support Service (eMASS).
Candidates must have excellent written and verbal communication skills, be able to represent the
company in the best light possible, be willing to travel, and be able to interact confidently with
individuals at every level of each organization.
Position Overview:
Directly interface with the customer to help conduct IA compliance and technical risk assessment
and mitigation activities in a Federal Healthcare environment. An ability to gather and organize
technical information about mission goals and needs, existing security infrastructure, and ongoing
programs in the organizations’ environment will be necessary in order to identify, advocate and
execute enterprise-level strategy and tactical-level (e.g., system-specific) risk analyses and
mitigation activities.
A working knowledge of several of the following areas is required:
- Must have working knowledge of Federal regulations and guidelines such as OMB
Circular A-130 Appendix III, HIPAA, NIST SP-800 series Security Guidelines, FIPS
Security Publications..
- Demonstrated strong experience in developing A&A packages as part of the RMF
process.
- Demonstrated strong experience in information security assessment activity such as
onsite Security Test & Evaluations (ST&E) using DoD, Federal Agency, and Service-
specific instructions, regulations, etc.
- Knowledge of DoD IA scanning tools preferred (e.g., eMASS, ACASS, Retina,
Nessus).
- Must be able to interpret and effectively communicate regulatory guidance, identified
vulnerabilities, and responsive recommendations to a wide audience
Candidate must have excellent analytical, written, oral communication skills, be a team player,
diplomatic, and decisive. Flexibility, a willingness to learn, and a creative approach to problem
solving are paramount to this candidate’s success.
Qualifications:
- Bachelors degree required; B.S. in IT, Information Systems Security, or related field
desired and at least 4 years experience in performing A&A and associated risk
assessment activities; OR
- Minimum of 8 years technical experience with commercial grade/production networks
and A&A and associated risk assessment activities