Intermediate Information Security Analyst

Primary Responsibilities:

• Advising stakeholders on InfoSec initiatives including compliance, awareness and training, and security operations.
• Leading Independent Validation and Verification (IV&V) efforts on security authorization/ATO packages to ensure compliance to agency requirements.
• Leveraging the existing Governance, Risk, and Compliance (GRC) tool, Telos Xacta (or an alternate like CSAM or RSA Archer), to track and reconcile findings from assessments, audits, and vulnerability scans.
• Coordinating government data calls (FISMA, FMFIA, BDR, etc.) and monthly reports.
• Assessing the effectiveness of the InfoSec and privacy training program and leading the collection, analyzing, and presentation of enterprise-level InfoSec performance metrics.
• Managing InfoSec Program POA&Ms, including advising on remediation efforts.
• Providing administrative support to Xacta (or equivalent GRC tool) users and authoring operational procedures.
• Working closely with senior agency security officials, system owners, information system security officers (ISSOs) and other stakeholders to advise and implement security solutions.
• Identifying opportunities for efficiencies in work process and innovative approaches.
• Participating in team problem solving efforts and offer ideas to solve client issues.
• Preparing and assisting in the development of policy and procedures.
• Conducting relevant research, data analysis, and developing reports.
• Preparing and assisting in the development of policy and procedures for program-level management and promoting consistency in program management best practices.
• Implementing processes and procedures to monitor risk across programs / projects.
• Preparing briefings to executive team to debrief the results of studies, analyses, and plans.

Required Qualifications:

• Ability to obtain a Public Trust
• Bachelor's degree in Information Technology or related field and 5 years of relevant IA experience. May substitute security certification (e.g. CISSP) for 2 years of experience.
• Strong data analysis skills.
• Excellent written and verbal communication skills.
• Possess in-depth knowledge of applying, selecting and testing the NIST 800-53 Rev 4 security controls.
• Possess in-depth knowledge of NIST 800-37 Risk Management Framework.
• Experience with a Governance, Risk and Compliance tool (e.g., Xacta, RSA Archer, CSAM or eMASS).
• Excellent attention to detail.
• Ability to handle and prioritize multiple tasks and deadlines.
• Possible travel to DC Client site/DSA office for badging/equipment.

Desired Qualifications:

• Intermediate level cybersecurity certification (e.g., CompTIA Security+, ISC2 CGRC).
• In-depth knowledge of applying, selecting and testing the NIST 800-53 Rev 5 security controls.
• Public Trust