Information Security Analyst - Senior
- Posted: over a month ago
Our client is seeking an experienced professional Information Security Analyst to join the Application Security Team supporting our client's applications. Under the direction of the Security Officer the Information Security Analysts primary responsibility is assist in maintaining the appropriate operational Information Assurance posture for our client's Systems.
- Responsible for ensuring information system security requirements are addressed during all phases of an information system lifecycle.
- Responsible to develop, implement, assess and maintain the appropriate system-level information system security controls in accordance with, National Institute of Standards and Technology Special Publication 800-53 (as amended), state and federal government-wide laws regulations, policies, procedures, and standards.
- Develop documents supporting the agencys information security program (e.g., Data Classification Reports, Privacy Impact Assessments, Business Impact Assessments, Configuration Management Plans, Contingency Plans, Incident Response Plan, System Security Plans (SSPs), Rules of Behavior, Risk Assessment Reports, Security Test and Evaluation results, System Interconnection Agreements, Security Authorizations/Accreditation Packages, and Plans of Action and Milestones [POA&M]).
- Propose, coordinate, implement, and enforce information systems security policies, standards, procedures and methodologies
- Performs risk assessments, and analyses vulnerability assessments, evaluates and convey risks using NIST risk assessment methodology, and advise agency executives, system and IT stakeholders on compliant risk management strategies and solutions.
- Define, create and maintain security role documentation for our client's applications.
- Assist in the evaluation of security solutions to ensure they meet security requirements for processing Personally Identifiable Information.
- Provide Configuration Management for information system security software, hardware and firmware.
- Reviews and approves requirements documents.
- Manages changes to client's systems and assesses the security impact of those changes.
- Meets with external auditors and supports security authorization activities in compliance with National Institute of Standards and Technology Risk Management Framework (NIST RMF).
- Assist with the management of security aspects of the information system and perform day-to-day security operations of client's systems.
- Must have solid experience in cybersecurity field.
- Able to produce high-quality technical and business documentation.
- Must be able to handle multiple projects and multitasking.
- Must have strong interpersonal, communication, planning, presentation, leadership, conflict management and relationship building skills.
- Positive attitude and a strong commitment to delivering quality work.
- Because of the constant developing nature of information systems and cyber-attacks, candidate must be committed to continuous learning and system development.
- Must be highly analytical and effectively able to troubleshoot and prioritize needs, requirements and other issues.
- Able to develop and maintain agency wide standards, tools, guidance, and processes to carry our clients cybersecurity mission.
- College degree (BS/BA) in business information systems, computer science or a related field.
- Two years of job-related experience in information security.
- Candidates are preferred to hold or be actively pursuing a minimum of one related professional certification, i.e., Security+, CISSP, CISM, or CISA, etc.
- Experience in developing and administering an information security program desirable.
- Significant experience with NIST 800-53 and the NIST Cybersecurity Framework is strongly encouraged
TechnologyView all jobs at Experfy Inc