Information Security Analyst - Remote

Location: Remote
Salary: Competitive
Posted: May 23, 2022
Closes: May 25, 2022
Ref: 3296
Function: Other
Industry: Science
Hours: Full Time
US Remote Worker

The Emmes Company, LLC ("Emmes") is a global, full-service Clinical Research Organization dedicated to excellence in supporting the advancement of public health and biopharmaceutical innovation. We believe in the power of truth, so much so that we named our company Emmes, which means truth. Through decades of experience we have learned that collaborative relationships thrive and human health benefits when truth is our compass.

Our "Character Achieves Results" culture is driven by five key values that guide our actions in the way we conduct research and distinguish us as an organization: Integrity, Agility, Passion for Excellence, Collaborative Partnerships and Intellectual Curiosity. We are a trusted partner to clients who share our passion for improving public health in a world of ever-changing scientific research.

If you share our motivations and passion in research, come join us! You will be joining a collaborative culture that empowers every Emmes employee — from entry level through top executive — to contribute to our clients' success by sharing ideas openly and honestly.

Primary Purpose

Supports and reinforces the company's compliance with governmental regulations, policies, and processes as well as governance of risk. Includes monitoring of security data from external sources (Industry portals, DoD, US-CERT, partners, etc.) and vendor advisories and conducting threat intelligence gathering. Responsible for compliance and Security Authorization activities for Emmes clients in accordance with National Institute of Standards and Technology (NIST) guidance and ISO 27001.

Responsibilities
  • Responsible for compliance with the FISMA regulation and associated standards. Good understanding of the NIST Special Publications, OMB, and Federal Information Processing Standards (FIPS).
  • Reviews system security controls (managerial, operational, and technical) to determine adequacy against federal requirements and mission context utilizing security assessment plans for systems, including the objectives, scope, schedule, required documentation, possible risks, and other logistical items for security assessments.
  • Tracks the corrective actions in POA&Ms and coordinates the remediation with various groups.
  • Tracks and reports FISMA metrics and Key Performance Indicators (KPIs).
  • Develops and updates information systems security documentation. Ensures that Authorities to Operate (ATOs) are obtained in a timely manner.
  • Works closely with the Audit and Quality Assurance (QA) functions to provide validation of security control tests for third-party vendors, e.g., software, hardware, and cloud service providers.
  • Routinely conducts risk assessments/reports to quantify impacts of vulnerabilities or decisions to the federal government. Participates in the production of cohesive compliance reports.
  • Prepares documentation from information obtained from customers using accepted guidelines such as RMF.
  • Assists with development and implementation of system security plans and contingency plans.
  • Completes documentation in support of project / sponsor activities (e.g., checklists, questionnaires, etc.) and supports external audits of Emmes.
  • Performs all essential functions adhering to the highest level of ethical and professional conduct.
  • Other duties as assigned

Experience
  • Bachelor's degree in Computer Science, Cyber Security, Engineering or related technical discipline
  • Demonstrated ability to resolve issues related to assigned work projects of moderate complexity
  • Equivalent to 4 years of cyber security experience with Federal standards and OMB Memoranda, and performing Authorization and Accreditation
  • Experience with FISMA assessment processes
  • Demonstrated knowledge of:
    • NIST 800-37, Risk Management Framework (RMF) and NIST 800-53 security controls
    • IT security foundational principles and methods, such as firewalls, DMZ, and encryption
    • Networking principles, such as connections, protocols (TCP/IP), IP addressing, routing, and switching
  • Ability to effectively communicate cyber security issues (in verbal and written form) and related topics with senior cyber staff and IT team members
  • Excellent technical writing and verbal communication skills
  • Stays up to date on computer and network vulnerabilities and exploits
  • CompTIA Security+ certification preferred


Why work at Emmes?

At Emmes, your actions and hard work will have a direct impact on public health initiatives, both globally and in our local communities with opportunities for volunteerism through our Emmes Cares community engagement program. We offer a competitive benefits package focused on the health and needs of our growing workforce, including:

  • Unlimited Approved Leave
  • Tuition Reimbursement
  • 401k & Profit Sharing Plan
  • Work From Home Anywhere in the US
  • Maternal/Paternal Leave
  • Casual Dress Code & Work Environment


CONNECT WITH US!

Follow us on Twitter - @EmmesCRO

Find us on LinkedIn - The Emmes Company, LLC

The Emmes Company, LLC is an equal opportunity affirmative action employer and does not discriminate in its selection and employment practices. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, political affiliation, sexual orientation, gender identity, marital status, disability, protected veteran status, genetic information, age, or other legally protected characteristics.

Emmes is a federal government contractor and requires all employees to be fully vaccinated against COVID-19, to the extent permitted by applicable law. Individuals with medical conditions or sincerely held religious beliefs or practices that prevent them from getting the vaccine may request an exemption from the vaccine requirement.
