IT Security Policy Analyst/Risk Assessor
Washington, DC
Applications have closed
In a world of technology, people make the difference. We believe if we invest in great people, then great things will happen. At AnaVation, we provide unmatched value to our customers and employees through innovative solutions and an engaging culture.
Description of Task to be Performed:
AnaVation is seeking an IT Security Policy Analyst/Risk Assessor for our mission critical customer in Washington, DC. You will work as part of a fantastic team providing security compliance expertise on a high priority project.
Daily duties include, but are not limited to:
- Performing risk assessments for government systems, to include cloud-based systems.
- Performing security control assessments, to include collecting supporting artifacts/evidence and interviewing system owners/owner representatives.
- Having an in-depth knowledge of the Risk Management Framework (RMF).
- Maintaining and tracking system POA&Ms.
- Conducting vulnerability management and analysis.
- Reviewing and analyzing government policy.
- Taking ownership of various projects and efforts related to the items highlighted above.
- Improving processes and procedures and making recommendations to improve the security posture of the agency's IT systems and applications.
This position is currently hybrid (2 days per week on site at the customer location in DC) but is subject to change at the customer’s direction.
Required Qualifications:
- 5+ years' experience with FISMA and Security/Risk Assessments & Authorization
- Familiarity with various security-related NIST publications (e.g., SP 800-53r5, SP 800-53A, SP 800-18r1, etc.)
- Ability to obtain and maintain a customer Public Trust clearance required. Qualified candidates can be sponsored for this clearance.
Preferred Qualifications:
- Familiarity with the security control families from the NIST guidance covered by the documents that they are responsible for evaluating.
- Ability to provide subject matter expert-level knowledge to the project team to ensure compliance with applicable requirements.
- Demonstrated knowledge of IT Security policy implementation statements, the regulatory structure of policy, the role of the Department of Homeland Security (DHS), the Office of Management and Budget (OMB), and the National Institute of Standards and Technology (NIST).
- Hands-on experience using a Governance, Risk, and Compliance tool, such as CSAM or eMASS.
- Ability to conduct gap analysis on non-federated vendor audit results, such as SOC Type 2 and HIPAA comparison reviews, and analysis against NIST SP 800-53 Revision 5 security controls.
- Hands-on experience providing C-Level presentation and reporting.
- Excellent written communication skills and an understanding of the purpose and use of the System Security Plan (SSP).
- Possess an understanding of control inheritance as applied to the Risk Management Framework (RMF) implementation in the CSAM tool.
- Ability to accurately manage complex workstreams, comprehend the application of the RMF, and understand the application of security controls across the interface, application, operating system, network, and database layers of modern information systems. Understand the applicable artifacts used as evidence to assess compliance.
- Experience with multiple tools providing security functions such as vulnerability management (e.g. Nessus, Retina), configuration management (e.g. BigFix, SCCM, ePO), endpoint protection (e.g. antivirus, ATP), data loss prevention, and intrusion detection software and hardware.
- Familiarity with remote access methods to various operating environments.
- Ability to evaluate data flows, network diagrams, and logical security boundaries.
- Excellent oral and written communication skills.
- Understanding of the role of interactive training, such as phishing exercises, in assessing organizational readiness.
- Familiarity with NIST SP 800-181 guidance regarding cyber workforce roles and responsibilities.
- Familiarity with the use of data analysis tools, including the use of Microsoft Excel or PowerBI to combine data from multiple sources.
- Certifications: Certified Authorization Professional (CAP), Certified Information Systems Auditor (CISA), and/or Security+ desired.
About AnaVation
AnaVation is the leader in solving the most complex technical challenges for collection and processing in the U.S. Federal Intelligence Community. We are a US owned company headquartered in Chantilly, Virginia. We deliver groundbreaking research with advanced software and systems engineering that provides an information advantage to contribute to the mission and operational success of our customers. We offer complex challenges, a top-notch work environment, and a world-class, collaborative team.
If you want to grow your career and make a difference while doing it, AnaVation is the perfect fit for you!
Tags: Antivirus C CISA Clearance Clearance Required Cloud Compliance eMASS FISMA Governance HIPAA Intrusion detection Nessus NIST NIST 800-53 Risk assessment Risk management RMF SOC System Security Plan Vulnerability management
Perks/benefits: 401(k) matching Career development Competitive pay Health care Insurance Medical leave