Security Analyst - Herndon, Va
The Security Analyst is a member of Information Assurance (IA) in the Office of Cybersecurity and is responsible for supporting the maintenance, development and improvement of the security policies, processes and compliance documentation. The analyst supports major initiatives in the areas of audit and compliance functions assigned to the IA team. The role supports compliance requirements with standards such as PCI-DSS, FISMA/NIST 800-53, SOC 2, ISO/IEC 27000 series, as well as third-party external reviews. This role further helps develop, present, and maintain security awareness training material and assessments for staff.
* Conduct security control assessment of systems and prepare security assessment report.
* Provide expertise as it relates to FISMA, NIST Special Publications and Standards, and other federal guidance
* Support the development, monitoring and update of agency information security policies and procedures.
* Support the development of assessment & authorization deliverables including but not limited to risk assessment, FIPS 199, system security plan, IT contingency plan, incident response plan, and others.
* Assist in conducting Agency IV&V (quarterly and ad hoc) tests to evaluate the effectiveness of policies, procedures, and practices
* Track, report, and remediate agency Plan of Action & Milestones (POA&Ms)
* Monitor and report on updates to applicable authoritative guidance on a continuous basis.
Qualifications
* Minimum Education: Bachelor's Degree from an accredited United States college or university in Accounting, Finance, Computer Science, Engineering, Mathematics, or Information Systems
* CISA Certification
* Experience supporting IT system audit readiness, IT audit reviews, IT system control documentation, or FISCAM and Risk Management Framework (RMF) implementation and sustainment capabilities.
* Candidate must have 5-7 years of full-time, progressive experience in the IT field (excluding internships) within the past 10 years.
* Possess working knowledge of IS requirements and standards including PCI-DSS, FISMA/NIST 800-53 and/or ISO/IEC 27000.
** FOR IMMEDIATE CONSIDERATION PLEASE SEND YOUR MOST UPDATED RESUME TO WESTON.WALKER@RHT.COM **