Security Analyst W/FISMA, SSP & POA&M

The main function of a Security Analyst is to be responsible for definition and implementation of security requirements and standards for the security aspects of major projects.

Job Responsibilities:

Conduct internal investigations related to computer security, including computer forensics. Apply knowledge of security principles, theories, and concepts, business/function and development life cycle.

Work closely with developers and evaluate business requests to determine feasibility.

Work with Software Engineers to define alternatives and recommend optimal solutions to meet security and regulatory requirements in the design of new/enhanced systems.

Ensure established security policies and standards are observed by consulting with business owners on project.

Document and coordinate changes and enhancements of security standards and procedures; prepare and/or present documentation for business/technical presentations; provide technical support to the member(s)/business to ensure adherence to requirements; document problem areas and coordinate resolutions; and investigate/research industry business/technical security processes.
Bachelor’s degree in a technical field such as computer science, computer engineering or related field required

8+ years' experience required

Proven experience in an Information Security practice

Knowledge of security architecture of web based networks and environments

Advanced knowledge of security protocols and standards, experience with software and security architectures

Experience in security design and technology assessment

Security design and implementation of web based security architecture for secure on-line transactions

Strong verbal and written communication skills

Major Job Purpose:

Ensure compliance with government, industry, and internal IT policies, regulations, standards, and guidelines.

Essential Responsibilities/Experience:

Provide leadership and subject matter expertise to drive effective compliance with FISMA, including migration from NIST 800-53 Rev 3 to Rev 4. Execute all processes necessary to maintain FISMA compliance, including SSP and POA&M maintenance, in a manner that is effective, efficient, and timely.

Demonstrated experience preparing C&A/A&A packages, performing NIST SP800-53 security control assessments, and performing ISCM in accordance with NIST SP800-137 expected.

Experience working with Rsam’s GRC platform (not to be confused with CSAM) a plus.
Experience facilitating compliance with FISMA and NIST SP800 family of standards and guidelines is firmly required.

Experience with PCI-DSS, FBI-CJIS, SOC, SEC Section 31, ISO27000, SIG/AUP and technology-specific secure configuration guidelines (e.g. MS Windows, Linux) a plus.

Certifications: CISA, CISSP, CISM, PMP, and CTPRP are desirable.