IT Security Policy Analyst (ISSO) - Hybrid
Washington, DC
Applications have closed
AnaVation is seeking an IT Security Policy Analyst (ISSO) for our mission-critical customer in Washington, DC.
Responsibilities:
- Familiarity with the security control families from the NIST guidance covered by the documents they are responsible for evaluating.
- Ability to provide subject-matter-expert-level knowledge to the project team to ensure compliance with applicable requirements.
- Demonstrated knowledge of IT security policy implementation statements, the regulatory structure of policy, and the roles of the Department of Homeland Security (DHS), the Office of Management and Budget (OMB), and the National Institute of Standards and Technology (NIST).
- Hands-on experience using a Governance, Risk, and Compliance (GRC) tool, such as CSAM or eMASS.
- Ability to conduct gap analysis on non-federated vendor audit results, such as SOC 2 Type II reports and HIPAA comparison reviews, and analyze them against NIST SP 800-53 Revision 5 security controls.
- Hands-on experience providing C-level presentations and reporting.
- Excellent written communication skills and an understanding of the purpose and use of the System Security Plan (SSP).
- An understanding of control inheritance as applied to the Risk Management Framework (RMF) implementation in the CSAM tool.
- Ability to accurately manage complex workstreams, comprehend the application of the RMF, and understand the application of security controls across the interface, application, operating system, network, and database layers of modern information systems. Understand the applicable artifacts used as evidence to assess compliance.
- Experience with multiple tools providing security functions such as vulnerability management (e.g. Nessus, Retina), configuration management (e.g. BigFix, SCCM, ePO), endpoint protection (e.g. antivirus, ATP), data loss prevention, and intrusion detection software and hardware.
- Experience using virtual machines to connect to and repair server-based applications, as well as to configure and distribute client agents.
- Ability to fully administer the applications assigned.
- Familiarity with remote access methods to various operating environments.
- Ability to create and evaluate process and data flow diagrams, network diagrams, and logical security boundaries.
- Excellent oral and written communication skills and the ability to deliver in-person or virtual training that results in excellent assessments via trainee feedback.
- Familiarity with information security terminology and the ability to develop or select technical training in the discipline of information security tailored to an organization.
- Understanding of the role of interactive training, such as phishing exercises, in assessing organizational capabilities.
- Familiarity with NIST SP 800-181 guidance regarding cyber workforce roles and responsibilities.
- Familiarity with the various use cases and alignment of data from each tool to the security disciplines of configuration management, vulnerability management, risk management, and incident management.
- Familiarity with data analysis tools, including the use of Microsoft Excel or Power BI to combine data from multiple sources.
- Demonstrated knowledge of the review and reference capabilities of Microsoft Word.
- Familiarity with data management and reporting of training data and statistics using common tools such as Microsoft Excel or Power BI.
Required Qualifications
- 5+ years' experience with NIST, FISMA, and Security Assessment & Authorization
- Certified Authorization Professional (CAP) or Security+ desired
Tags: C Compliance FISMA Governance HIPAA Intrusion detection Nessus NIST Risk management Security assessment System Security Plan Vulnerability management
Perks/benefits: Career development
Region:
North America
Country:
United States
Categories:
Analyst Jobs
Leadership Jobs