VivSoft is seeking a Security Compliance Analyst in Annapolis, MD. Multiple openings. We are looking for a mid-level and a junior-level resource.
The ideal Security Compliance Analyst will have had prior experience working in a highly technical environment, be well versed in the current state of Information Security and be able to interpret security requirements of relevant governing bodies (NIST, OMB, DHS, etc). The candidate will interface with federal and state government employees and contractors to perform required support activities. The ideal candidate will have prior experience performing similar governance, risk, and/or compliance activities consistent with the experience/skill requirements documented below.
· Create, compile, and maintain security authorization packages and documentation as required by Federal security authorization guidelines described in NIST and OMB requirement documents.
· Enforce policies and guidelines as outlined within NIST SP 800-53.
· Provide guidance in the implementation of system specific features and security controls to ensure effective compliance with federal requirements as well as promoting a healthy security posture for the implementation team and key stakeholders.
· Provide IT security consultation to system owners regarding other security documents, for example, security incident reports, equipment/software inventories, technical vulnerability reports, and contingency plans.
· Perform the necessary review, analysis, and reporting of key system attributes, weaknesses, and changes to the Information Systems Security Manager, System Owner, and Risk Management body to support the Continuous Monitoring of supported systems.
· Initiate, track, and manage the creation, opening, and closure of weaknesses via client prescribed Plan of Action & Milestone (POAM) processes and procedures.
· Effectively communicate the risk and security posture to the Information Systems Security Manager, System Owner, Key Stakeholders, and consumers of security controls within your purview.
· Report IT security incidents in accordance with established policies and procedures.
· Document security aspects of SQL programs and database systems
· BA/BS, preferably in management or a related technical subject area (technical, analysis, or mathematics) or equivalent experience
· Bachelor's degree or equivalent combination of education and experience
· Positively adjudicated background investigation
· Experience with Information Assurance Compliance Tools (Xacta, TAF, etc.)
· Knowledge of Federal Government Authorization processes. (NIST 800-37, NIST 800-53)
· Mid level requires 8 years total IT experience and junior level requires 4 years total IT experience.
· SQL programming experience
· Disaster recovery / COOP experience with SQL database systems
· Excellent interpersonal, interviewing, analytical and problem solving skills to address variable situations.
· General knowledge of industry security requirements, standards, and best practices.
· Experience creating, maintaining, and reviewing security compliance documentation. (Systems Security Plan, Contingency Plan, Risk Assessment, POAMs).
· Cybersecurity consulting and support in a federal or state agency.
· Demonstrates very good written and oral presentation skills and outstanding client-interaction skills.
· Thinks creatively and demonstrates the ability to work independently on a complex task with little direction, supervision, and management oversight. The incumbent should be highly motivated, a self-starter, and able to work alone or in groups.
· Demonstrates a strong understanding of the design and architecture of complex information systems and the ability to communicate operational use of those systems to others.
· Demonstrates ability to support and assess technical requirements, and translate those needs into an actionable environment architecture, business and technical process.
· Demonstrates ability to interact comfortably with Senior Leadership and/or Government Executives and staff on a day-to-day basis.
· Security Professional Certifications (CISSP, CISM, CAP)
· Knowledge of policies, procedures and requirements
· Self-motivated participant of a highly team-oriented environment.
· Experience with security analysis tools such as Nessus, HP Web Inspect, AppDetective.