Senior Information Security Analyst

Philadelphia, Pennsylvania, United States

Applications have closed

SoluStaff

Unlock the full potential of your organization with Symmetrio, a top Staffing and Recruiting company in the Philadelphia region.


SoluStaff is actively recruiting a Senior Information Security Analyst for our customer, a large government organization in Philadelphia, PA. The Senior Information Security Analyst will review our client's existing IT policies and procedures applicable to NIST control families, identify gaps and updates needed to meet NIST 800-53 controls, and make written proposals for changes to our customer's information security organization. The Senior Information Security Analyst will also write procedures for NIST control families such as Access Control, Audit and Accountability, and Contingency Planning. They will validate the usability and accuracy of the written procedures with the customer project manager. The candidate will write process workflows for the identified procedures, which will show the step-by-step process documented in a diagram/illustration.


Responsibilities

  • Review the existing IT policies and procedures applicable to NIST control families and identify gaps and updates needed to meet NIST 800-53 controls.
  • Write proposals for changes to the security team lead, explaining the rationale for the change and providing recommended text changes that can easily be incorporated into the policy.
  • Write procedures for NIST control families such as Access Control, Audit and Accountability, and Contingency Planning.
  • Validate the usability and accuracy of the written procedures with the project manager.
  • Write process workflows for the identified procedures, which will show the step-by-step process documented in a diagram/illustration.
  • Communicate via secure video conference calls, emails, and SharePoint (or similar secure document sharing platform) with core operations teams, compliance manager, and security team leadership to prepare drafts and complete final documents.
  • Consider how to limit the number of conversations with core operations staff to maximize information gathering and validation in a limited number of meetings or calls.
  • Leverage the Information Security Team and vCISO and IT Compliance Manager for additional communications.
  • Write recommendations for updates to existing IT policies and the exact text for changes to be incorporated into the policies.

Requirements

  • Demonstrated experience writing IT policies and procedures based on NIST 800-53 and Cyber Security Framework.
  • Demonstrated experience auditing NIST 800-53 controls to cybersecurity and participating in IT compliance programs.
  • CISA or CompTIA Security+ certifications are preferred but not required.
  • Excellent written and verbal communication skills.
  • Ability to work independently and collaboratively with teams.
  • Strong analytical and problem-solving skills.
  • Attention to detail and ability to prioritize tasks.
  • Experience working with government or public sector organizations is a plus.

Benefits

  • Health Care Plan (Medical, Dental & Vision)
  • Retirement Plan (401k, IRA)
  • Paid Time Off (Vacation, Sick & Public Holidays)


Tags: Audits CISA Compliance CompTIA NIST NIST 800-53 SharePoint

Perks/benefits: 401(k) matching Health care

Region: North America
Country: United States
Category: Analyst Jobs
