It's fun to work in a company where people truly BELIEVE in what they're doing!
We're committed to bringing passion and customer focus to the business.
The IT Security Analyst provides support as a cybersecurity subject matter expert on a multi-disciplinary team supporting a high-level Federal Government client in developing, maturing, tracking and reporting key cybersecurity maturity, performance and effectiveness metrics for the most senior members of the organization. Utilizes risk management principles from established frameworks (e.g., NIST) to help improve cybersecurity performance and reduce risk across the enterprise.
ESSENTIAL DUTIES AND RESPONSIBILITIES
Essential duties and responsibilities include the following. Other duties may be assigned.
Responsible for the integration of CNI Core Competencies into daily functions, including: commitment to integrity, knowledge/quality of work, supporting financial goals of the company, initiative/motivation, cooperation/relationships, problem analysis/discretion, accomplishing goals through organization, positive oral/written communication skills, leadership abilities, commitment to Affirmative Action, reliability/dependability, flexibility and ownership/accountability of actions taken.
Assists in responding to requests for information from outside auditors. Implements a process and program to gather and track responsive information.
Implements an effective weakness remediation process, to include reporting and oversight that is aligned with federal, department, and agency policy. Creates a process to track and report remedial actions, Plan of Action and Milestones (POA&Ms), on a quarterly basis.
Develops and maintains System Security Plans (SSP) for IHS information systems. Evaluates the control families, selects relevant controls, and supports the IS team in documenting controls as implemented.
Creates and continuously improves the enterprise System Security Plans (SSP) and other ATO artifacts.
Ensures that questions, concerns and issues are addressed and communicated appropriately and in a timely manner.
Researches information, policies and practices to appropriately respond to complicated customer related questions.
Assists in meeting mandates, directives, reporting and other security-related processes with respect to Federal regulations such as FISMA; OMB Circular A-123; Health Insurance Portability and Accountability Act (HIPAA); OMB mandates; Homeland Security Presidential Directives (HSPD); Federal Information Processing Standards (FIPS).
Assists in the implementation of NIST guidance, oversight and compliance, including, for example: 800-53 Security Controls; 800-37 Certification and Accreditation; 800-30 Risk Assessments.
Assists in the implementation of HHS and Agency directives, guidance and reporting requirements and industry “best practices and guidance”.
This position will include significant research, evaluation, recommendation and documentation development such as security assessment reports, methodologies, briefings and presentations.
Drives regular audit updates within the department to ensure alignment to audit findings and best practices.
Responsible for aiding in own self-development by being available and receptive to all training made available by the company.
Plans daily activities within the guidelines of company policy, job description and supervisor’s instruction in such a way as to maximize personal output.
Responsible for keeping own immediate work area in a neat and orderly condition to ensure safety of self and co-workers. Will report any unsafe conditions and/or practices to the appropriate supervisor and human resources. Will immediately correct any unsafe conditions to the best of own ability.
Bachelor's degree and a minimum of five (5) years’ relevant experience in interpreting federal security guidance such as FISMA, FIPS, NIST special publications, OMB mandates and other federal requirements. Experience with the federal Certification and Accreditation process including conducting reviews such as Security Control Testing and Evaluations (ST&Es), tracking progress and defining POA&Ms, or equivalent combination of education/experience.
CERTIFICATES, LICENSES, REGISTRATION
CISSP, SANS GIAC, Security+, Linux+, MCSE, CCNA or SSCP certification preferred
JOB SPECIFIC KNOWLEDGE / SKILLS / ABILITIES
Familiar with OMB, FISMA, FIPS, HIPAA and other federal regulations and requirements associated with Information Security.
Strong written and verbal communications skills with ability to prepare quality reports, presentations, summaries and analysis.
Strong interpersonal skills applied to interactions with all levels of authority.
Ability to read, analyze, develop and interpret common information systems security documents.
Ability to present ideas in business-friendly and user-friendly language.
Highly self-motivated and directed.
Keen attention to detail.
Team-oriented and skilled in working within a collaborative environment.
Ability to read, analyze and interpret common and technical journals, financial reports, and legal documents. Ability to respond to common inquiries or complaints from customers, regulatory agencies, or members of the business community. Ability to write speeches and articles for publications that conform to prescribed styles and format. Ability to effectively present information to top management, public groups, and/or boards of directors.
Ability to calculate figures and amounts such as discount, interest, commission, proportions, percentages, area, circumference and volume. Ability to apply concepts of basic algebra and geometry.
Ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this job. Work is primarily performed in an office environment. Regularly required to sit. Regularly required to use hands to finger, handle, or feel, reach with hands and arms to handle objects and operate tools, computer, and/or controls. Required to speak and hear. Occasionally required to stand, walk and stoop, kneel, crouch, or crawl. Must frequently lift and/or move up to 10 pounds and occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision, distance vision, depth perception, and ability to adjust focus. Exposed to general office noise with computers, printers and light traffic.
All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, age, marital status, pregnancy, genetic information, or other legally protected status.
If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!