Information Security Analyst - Corporate
FEi is a leading IT company specializing in Federal and Local Government data system solutions. For the past decade we have maintained a leading position in providing programming and consulting services in our primary areas of expertise: Behavioral Health Data Systems and Clinical Trials Software Solutions for institutional systems of care.
At FEi Systems, we recognize that our employees are an important part of our success. We promote a team environment where all employees have the opportunity to achieve professional and personal success. Currently FEi is looking for highly skilled, self-motivated and creative individuals to join our talented team of experts. FEi is an equal opportunity employer that believes in growing and promoting a diverse work force. Our employee compensation and benefits package is competitive within the industry and is designed to help employees meet varying needs throughout their careers and lives. If you're looking for a rewarding work environment that will challenge your mind and expand your horizons, then joining the FEi team may be right for you.
The Information Security Analyst is responsible for monitoring, evaluating, and maintaining systems and procedures to protect networks, systems, and data from unauthorized uses. The incumbent identifies potential threats and responds to reported security violations, determines causes of security violations and recommends corrective actions to ensure data security. The Security Analyst also researches, recommends, and implements changes to procedures and systems to enhance data systems security, and assists in communicating security procedures to users. Ours is a matrix organization in which the Security Analyst usually reports indirectly to a first-line manager from a program standpoint but will report directly to our CSO. The Security Analyst will need to possess and apply a comprehensive knowledge of the principles, practices, and procedures related to information security, risk management, privacy, and IT governance to complete meaningful and challenging assignments.
Duties and Responsibilities:
* Works under general supervision to plan and conduct security related assignments for one or more programs/customers
* Responsible for authoring (or reviewing the work of others) all documents necessary for a Federal or State system to earn and keep its systems accreditation
* Manage POA&Ms by creating and documenting new Corrective Action Plans (CAPs) and tracking them to completion
* Trusted advisor to Program Manager and development team to ensure adherence to security architecture and development standards
* Responsible for ensuring program level compliance with FISMA Controls (e.g., SP800-53)
* Act as one of several primary points of contact for the customer relative to matters of information security
* Provide guidance to our Program Managers and Program Directors regarding internal security strategy
* Help implement selected program components for our internal security department/posture
* Information Security Domain expertise - Candidate must be very familiar with standard concepts, practices, and procedures within the information security domain.
* Risk Management - Person must understand the total process of identifying, controlling, and mitigating uncertain events that may negatively affect system resources including risk analysis, cost-benefits analysis, selection, implementation and testing, security evaluation of safeguards, and overall security review.
* Federal Security Compliance - Must be fluent with FISMA, NIST SP800-53, and the Federal systems certification and accreditation process
* Writing Skills - Individual must be experienced in authoring/maintaining security artifacts (e.g., SSP, ISRA/RA, CP, PIA, PTA, SORN, etc.)
* Interpersonal - Must demonstrate self-motivation with a strong ability to work in a multi-tasking, changing environment.
* Governance - Experience with major governance regulations (e.g., SOX, HIPAA, HITECH, NISPOM, DITSCAP)
* Industry Experience - Healthcare industry experience, with a particular emphasis on health payer solutions, electronic health records, behavioral health, data analytics, claims adjudication, medical management, and fraud detection and prevention is critical
* Customer Sensitivity - Experience working with and/or for health-focused agencies of the Federal Government, including NIH, CDC, CMS, VA, and SAMHSA. Experience working with DHHS-specific protocols (e.g., BPSSM, RMH, XLC, TRA, etc.).
* Systems Development - Experience in full life cycle information technology solution implementation from conceptualization, requirements, design and specification through development (coding), integration testing and commissioning.
* Other - Strong technical design and communication skills.
Experience & Education
* A Bachelor's Degree with 5 years of related professional experience; 6+ years of directly related professional experience may be substituted for the degree requirement.
* Master's Degree preferred but not mandatory
* Professional Security Certification is required (e.g., CISSP, CISM, CISA, etc.).
There is minimal travel required (i.e., less than 10%). Will attend at least one offsite security conference/training event per year.
Full time, must be able to obtain Public Trust; other clearance may or may not be required.
Location: Columbia, MD, Full time position with full company benefits
NOTICE: EO/AA/VEVRAA/Disabled Employer - Federal Contractor. FEi Systems participates in E-Verify, a federal program that enables employers to verify the identity and employment eligibility of all persons hired to work in the United States by providing the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS), with information from each new employee's Form I-9 to confirm work authorization. For more information on E-Verify, please contact DHS at (888) 464-4218.
Applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, marital status, political affiliation, disability, or genetic information, except where it relates to a bona fide occupational qualification or requirement.