POA&M Analyst
Washington, DC
SkyePoint Decisions
SkyePoint Decisions is a leading Cybersecurity Architecture and Engineering, Critical Infrastructure and Operations, and Applications Development and Maintenance IT service provider headquartered in Dulles, Virginia with operations across the U.S.SkyePoint Decisions, Inc. is seeking a highly motivated team member to fill the role of Plan of Action and Milestones (POA&M) Analyst to join our team supporting the Department of Education’s (DoED) Federal Student Aid (FSA) Cybersecurity and Privacy Support Services (CPSS) in Washington, DC. The Plan of Action and Milestones (POA&M) Independent Verification and Validation (IV&V) team provides an independent group to assess artifacts and evidence used to address audit and system security findings. The POA&M IV&V is responsible to perform technical and compliance assessments to ensure that the remediation actions are complete and meet all the guidance requirements.
Responsibilities
- Comply with the actions identified for the IV&V Team within the POA&M guidance within the VM SOP. This includes creating, analyzing, maintaining, recommending, and closing POA&Ms.
- Provide ISSO updates, at the monthly ISSO meetings, associated with POAM closures, vulnerability tracking tool functionality, root cause analysis, compliance, or other security related issues.
- Maintain metrics associated with POA&M artifacts, approval rates, timeliness, etc.
- Create a Weekly Plans of Actions and Milestones Report that includes enterprise status, trends and statistics, 30, 60, 90-day projections, audit security findings, recommended accepted risk status, ECD Change requests, proposed finding re- assignments, and overdue findings.
- On a quarterly basis, provide an enterprise risk analysis report for the findings in the vulnerability-tracking tool and provide recommendations for reducing recurring findings, enterprise findings, training, and improved processes as applicable.
- Maintain Cybersecurity framework (CSF) Risk scorecards for all FISMA reportable systems.
Qualifications
- Must be able to obtain a DoED Level 6C High Risk/Public Trust. Prefer current Top Secret Security Clearance
- Minimum three years’ experience working in the cybersecurity field
- Industry standard certification
- Must have experience creating POA&MS
- Ability in conducting vulnerability scans and recognizing vulnerabilities in security systems
- Assessing the robustness of security systems and designs
- Conducting application vulnerability assessments
- Ability to perform impact risk assessments
- Good familiarity with and understanding of all relevant government and agency policies and procedures to ensure system documentation is compliance with relevant guidelines, e.g., FedRAMP, RMF, FISMA, FIPS-II, NIST, etc.
- Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity)
SkyePoint Decisions is a leading Cybersecurity Architecture and Engineering, Critical Infrastructure and Operations, and Applications Development and Maintenance IT service provider headquartered in Dulles, Virginia with operations across the U.S. We provide innovative enterprise-wide solutions as well as targeted services addressing the complex challenges faced by our federal government clients. Our focus is on enabling our clients to most efficiently and effectively deliver their mission – anytime, anywhere, securely. We combine technical expertise, mission awareness, and an empowered workforce to produce meaningful results.
SkyePoint Decisions is an established ISO 9001:2015 and ISO/IEC 27001:2013 certified small business and appraised at CMMI Level 3 (with SAM) for Services. We possess a common vision of excellence and foster a collaborative team culture built upon individual performance and accountability. We invest in our people and systems to create value for our clients. It is the SkyePoint Way. We are grateful for the opportunity to work with exceptional people and give back to the communities we serve.
SkyePoint Decisions is committed to hiring and retaining a diverse workforce. We are an Equal Opportunity Employer, making decisions without regard to race, color, religion, sex, national origin, age, veteran status, disability, or any other protected class. U.S. Citizenship is required for most positions.
Tags: Clearance Compliance FedRAMP FISMA NIST Privacy Risk analysis Security Clearance Top Secret Vulnerabilities Vulnerability scans
Perks/benefits: Health care
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Staff Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Information Security Analyst jobs
- Open Information Security Specialist jobs
- Open Senior Security Analyst jobs
- Open Cyber Security Specialist jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Product Security Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Security Operations Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Principal Security Engineer jobs
- Open IT Security Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Cybersecurity Specialist jobs
- Open Chief Information Security Officer jobs
- Open Senior Security Architect jobs
- Open Senior Penetration Tester jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Security Specialist jobs
- Open Security Researcher jobs
- Open Ingénieur DevSecops H/F jobs
- Open Senior Cyber Security Specialist jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Agile-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open CISM-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open CISA-related jobs
- Open Threat intelligence-related jobs
- Open SaaS-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Kubernetes-related jobs
- Open Java-related jobs
- Open EDR-related jobs
- Open Security Clearance-related jobs
- Open Malware-related jobs
- Open IDS-related jobs
- Open APIs-related jobs
- Open CI/CD-related jobs
- Open IPS-related jobs