Sr. Information Security Analyst

We are looking for a Sr. Information Security Analyst. This is a REMOTE and FTE position. Apply if interested.

Required Experience: 5+ Years
Job Locations: Remote
Location Restrictions: Remote

Basic Qualifications and

The Sr. Information Security Analyst is part of the Security team, with primary responsibility for maintaining security documentation and supporting internal and external security assessments of cloud systems and products to ensure cohesive awareness of risk and of risk-reduction capabilities. Owns delivery of assigned security compliance projects in support of ongoing compliance programs. Assists the team with other security and/or privacy compliance projects as assigned. Services should be performed in accordance with professional and department standards. Responsibilities include assessing the current adequacy of security strategy and controls for assigned systems, calculating the impact of potential adverse events, and facilitating risk mitigation planning and review sessions. This role assists with internal and third-party risk assessments.

Responsibilities
  • Support security risk management framework for assigned applications using technical, writing, and auditing skills.
  • Two primary functions are as follows:
  • Maintain existing and new information security and privacy policies, plans, and procedures within the framework of assigned compliance programs, including System Security Plans (SSP) and related security documentation for internal systems
  • Prepare for, participate in, and support security certification and NIST 800-53 based compliance audits (FISMA, FedRAMP, 800-171, CMMC, etc.) and ISO 27001 compliance audits – internal, externally contracted, or both, as assigned
  • Work with engineering, product development, and key stakeholders to clearly assess compliance with selected/assigned security and privacy controls, and identify and define remediation steps to address vulnerabilities
  • Lead, conduct, and/or assist with internal NIST SP 800-53A and ISO 27001 assessments on internal systems when required, through personnel interviews and documentation review, to determine compliance with policies and procedures, recommend corrective actions, and prepare findings reports
  • Gather or coordinate the collection of necessary evidence
  • Maintain POA&Ms and track associated mitigation for assigned products
  • Assist in the facilitation of GRC systems to improve documentation maintenance and documentation reuse.
  • Track compliance matrices across all supported security and privacy frameworks
  • Assist with the review and processing of monthly vulnerability scan results for assigned systems and work with the technical teams to ensure vulnerabilities are resolved on time
  • Track SLAs on audit and continuous monitoring findings
  • Manage 3rd-party assessments and penetration testing as assigned
  • Self-manage assigned projects; report status, performance metrics, issues, and recommendations for success

Required Skills and Experience

  • You have at least 5 years working with information security governance, compliance, or auditing, with at least 3 years as a lead assessor and at least 2 years of direct or related experience assessing information systems following NIST Special Publications, e.g. NIST 800-37, 800-53, 800-137, etc.
  • You have strong knowledge of a variety of IT technologies, architectures, concepts, best practices, and procedures, as well as information security principles, standards, tools, and methodologies
  • You have experience with assessing commercial cloud environments
  • You have a strong “accountant-like” mindset and attention to detail, ability to interface with all levels of personnel (system administrators, ISSO, developers, etc.)
  • You have proven problem-solving and analytical ability, with the capacity to prioritize key issues from large amounts of input
  • You can effectively handle ambiguous, dynamic tasks while adjusting focus in response to events and circumstances
  • You have at least 5 years’ experience writing, defining, and clarifying requirements for technical teams, including authoring deliverables such as System Security Plans (SSP), Contingency Plans, Incident Response Plans, Security Assessment Reports (SAR), Plans of Action and Milestones (POA&M), and Business/Security Impact Analyses (BIA/SIA).
  • You can communicate clearly in small groups
  • You are results oriented, with the ability to self-manage and work independently
  • You have excellent organizational, planning, and time management skills
  • You are effective in Microsoft Word, Excel, and PowerPoint