Security Analyst (FISMA standards, NIST 800-53, POA&M, CAP, GRC processes)

SC-10226-1

Daily duties / responsibilities:

This implementation assistance would include, but is not limited to:

• Reviewing assessment findings and deficiencies for accuracy, completeness, and validity
• developing and tracking finding remediation plans and recommendations for risk management alternatives
• providing process improvement recommendations and documentation to support the process improvements
• documenting information gathered during both interviews and document reviews to assist with developing formal process and procedures
• assessing agency documentation to ensure adequate approaches are used to comply with controls
• facilitating agency status reporting
• collaborating, often onsite at agency locations, with agencies to provide recommendations for compliance

Security Architect:

Required skills:

1. Have conducted audit and assessment activities related to industry or government compliance requirements
2. have completed an information security plan or system security plan workbook
3. prior experience working with FISMA standards
4. must have a strong working knowledge of NIST 800-53
5. prior experience POA&M or CAP
6. strong communication (written and verbal) experience
7. experience with GRC processes
8. simultaneously manage multiple infosec work efforts
9. strong schedule management and resource planning skills
10. ability to work at a high-volume and fast pace
11. strong collaborator and string ability to meet deadlines
12. knowledge of IRS 1075, HIPAA, CJIS, mars-e, and/or PCI-DSS
13. ability to identify map and reengineer business processes

Required education/certifications:

• 6+ years' of experience in information security and compliance
• certifications: CISA or CISSP or CISM or GSLC or equivalent