Information Assurance Compliance Analyst Level II

Sycamore Enterprise Solutions, Inc - Falls Church, VA (30+ days ago)


Responsibilities:

  • Works closely with Account Security Officer (ASO) and Segment Security Officers (SSO) to ensure operational security measures are implemented.
  • Assesses and mitigates system security risks; determines and analyzes security requirements for implementation and testing.
  • Reviews and continuously monitors implemented security controls.
  • Creates and maintains security checklists, templates and other tools to aid in the A&A process.
  • Performs security control assessment using NIST 800-53A guidance and as per continuous monitoring requirements.
  • Performs risk analyses to determine and recommend essential safeguards.
  • Proactively mitigates system vulnerabilities and recommends compensating controls.
  • Prepares security authorization packages in accordance with the client contractual requirements.
  • Develops core documents such as System Security Plan, Contingency Plan, Incident Response Plan, Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, Configuration Management Plan, etc.
  • Maintains client-specific Plan of Action and Milestones and supports remediation activities.
  • Maintains an inventory of hardware and software for the information system.
  • Develops, tests and trains on Contingency and Incident Response planning.
  • Conducts independent scans of application, network and database and utilizes Managed Security Services Vulnerability Assessment Team (VAT) support as applicable.

EXPERIENCE LEVEL: 3-5 years’ experience working in a risk management, audit, security or technical delivery role

EDUCATION: Bachelor's or master's degree in Computer Science, Computer Studies, Information Security (or equivalent combination of education and experience)

CERTIFICATIONS (one or more desired): CompTIA Security+ CE; OR Global Information Assurance Certification (GIAC) Security Essentials Certification (GSEC); OR ISC2 Systems Security Certified Practitioner (SSCP); OR Cisco Certified Network Associate (CCNA) Security and CISSP

PREFERRED SKILLS: Fluent in English, grammar and communication.

KNOWLEDGE AND SKILLS REQUIRED:

  • Ability to influence OCISO Delivery system stakeholders in the execution of security and compliance requirements
  • Knowledge of security countermeasures and overall RMF and NIST compliance
  • Experience as a security consultant in Risk and Compliance
  • Experience in working with security management, including information governance and compliance
  • Good understanding of Assurance Practices and Risk Management, with hands-on experience
  • Experience of security processes and standards, in particular NIST 800-series and RMF
  • Knowledge of security audit and accreditation processes
  • Ability to interpret requests for proposal and respond to security and compliance requirements
  • Knowledge of Federal Security, industry and market trends.
  • Understands federal security and regulations impacting security requirements to develop strategies for supporting internal operations.

Job Types: Full-time, Contract

Salary: $60,000.00 to $80,000.00 /year

Experience:

  • cyber security: 5 years

Education:

  • Bachelor's