IT Security Policy Analyst - 1

Employer: MindPoint Group
Location: Washington, DC
Posted: Oct 09, 2017
Closes: Oct 20, 2017
Function: Analyst, IT
Industry: Security
Hours: Full Time

Job Description

MindPoint Group is seeking IT Security Policy Analysts who will be directly responsible for ensuring our government client staff have a positive and productive working relationship with other government client Components and/or external agencies, as applicable. The Information Security Policy Analyst is responsible for knowing all applicable federal mandates, how and where these mandates tie into government agency orders, policies, instructions, standards, handbooks, and guides, as well as the impact of the security requirements on Component systems and mission. The Information Security Policy Analyst will oversee Component IT security activities and compliance and provide hands-on assistance as appropriate to ensure Component success. In addition, the Information Security Policy Analyst is directly involved in supporting Components in various audit activities and also serves as the liaison between the auditors, Components, and the Department. The Information Security Policy Analyst supports Components with coordinating interviews and reviews Prepared by Client (PBC) deliverables for accuracy with audit request.

Tasking includes:

- Establish and maintain positive and productive working relationships between headquarters and other client Components.
- Support preparation activities for, and the meeting of, IT governance organizations consisting of high-ranking officials from the Office of the CIO and Department Components who meet regularly to address specific IT security issues.
- Support and assess individual IT commodity areas (e.g., email, telecommunications, and mobility) in the Department and at the Components to identify and gain efficiencies, including supporting cost-benefit and return on investment (ROI) analyses.
- Ensure proper governance and investments alignment with the client IT Architecture and Security Architecture.
- Draft, review, and comment, as directed by the government POC, on Department policy and instruction documents.
- Draft, review, and comment, as directed by the government POC, on translating federal requirements into Department policies and requirements, including but not limited to NIST publications, OMB guidance and requirements, FISMA, and CNSS.
- Complete Security Authorization packages, to include system security plans, security assessment reports, POAM summaries, and a continuous monitoring plan assessment schedule, and present executive briefing to the government client management. The work is fully completed, reviewed, checked, and edited before presenting to the government client management.
- Ensure security risk assessments are conducted as appropriate on any system upgrades, software/hardware changes, etc. Provide hands-on Component assistance as necessary.
- Conduct formal Office of the Chief Information Officer system oversight review, provide feedback, and document findings in CSAM. Provide hands-on assistance to Components to correct weaknesses as necessary.
- Ensure Component system inventory is accurate for FISMA reporting. Provide hands-on assistance to Components as necessary.
- Ensure Component hardware and software inventory and documentation is accurate and current. Provide hands-on assistance to Components as necessary.
- Ensure Component security authorization boundaries are properly defined and captured in the system security plans and that all interconnection agreements are in place and current. Provide hands-on assistance to Components as necessary.
- Ensure Component system security authorization controls contain accurate implementation statements (formerly compliance descriptions) and assessment results, and that appropriate artifacts are uploaded in CSAM to support finding. Provide hands-on assistance as appropriate.
- Ensure Component systems offer appropriate controls for inheritance and the inheriting systems inherit only what's appropriate. Provide hands-on assistance to Components as necessary.
- Support Components with annual recertification of accounts; ensure new accounts have appropriate forms, signed by the appropriate approving authority, and any inactive accounts are deactivated within days of last login. Provide hands-on assistance to Components as necessary.
- Ensure Component system scanning takes place in accordance with the Department's plans and schedule. Provide hands-on assistance to Components as necessary.
- Ensure Component systems have secure configuration baselines set and documented and any deviations approved by the authorizing official.
- Ensure all audit Notification of Finding and Recommendation are entered into CSAM as a POAM.
- Ensure Component system POAMs have appropriate milestones, accurate description of the weaknesses and remediation, task owners, estimated cost to completion, and realistic due dates. Provide hands-on assistance to Components as necessary.
- Ensure all systems update their annual incident response and contingency plans, conduct the appropriate training, document the appropriate POCs, and document the after-action plans. All artifacts are uploaded into CSAM by the Department's due date. Provide hands-on assistance to Components as necessary.
- Ensure Components reach their CSAT and IT Professional training completion targets on time. Provide hands-on assistance to Components as necessary.
- Support Component to ensure clean audit results.
- Provide weekly summaries to the government client management or Component management, as the case may be, on accomplishments and any noteworthy items.

Functional Responsibilities

The candidate may perform any or all of the following:

- Oversees and manages day-to-day operation of Information Systems.
- Optimizes system operation and resource utilization and performs system capacity planning analysis while maintaining the security posture.
- Performs system security analyses on client networks and systems; provides guidance, training, research, and recommendations on client networks and AIS; performs security audits, evaluations, and risk assessments of complex operational systems and facilities and provides recommendations for remediating detected vulnerabilities; conducts security and internal control reviews of sensitive systems.
- The candidate conducts specific technical reviews to support non-standard operational requirements and systems; designs, develops, and maintains unique security tools and techniques for conducting security assessments; provides advanced technical computer and communications security assistance; provides expert assistance and recommendations in the field of Information Assurance and Cybersecurity.
- Conducts security assessments, security authorizations, and evaluations of applications and systems processing sensitive or classified information; develops requirements and specifications for reviewing and approving procurement requests, major systems development activities, telecommunications and teleprocessing hardware and software, and hardware and software encryption techniques on the basis of security concerns; and assesses technology to ensure that security vulnerabilities are identified and remediated.

Qualifications

- Minimum years of general work experience and years of relevant experience in functional responsibility.
- Active Top Secret clearance required.
- Bachelor's Degree or an equivalent combination of formal education and experience (eight years of experience in Functional Responsibility area may be substituted for a Bachelor's Degree).
- A Master's Degree may be substituted for years of general work experience.
- Candidates should be well versed in risk management and must have experience working with SDLC and performing security tasks throughout.
- Experience and working understanding of FISMA compliance; experience conducting all phases of Certification and Accreditation (C&A) and creating documentation in accordance with NIST guidance.
- Understanding and experience with CSAM is a PLUS.
- Candidate should have strong analytical and organizational skills.
- Candidate should have concise writing skills and excellent MS Word skills, as well as other MS Office Applications.
- Personnel shall be well versed with NIST publications, OMB circulars and memoranda, and CNSS publications and their requirements and impact on system security.