Responsibilities (overall and day-to-day): As a Security Compliance Analyst, you will join a team that performs security assessments and provides consulting support to help clients meet FISMA and FedRAMP requirements. The ideal candidate will have a firm understanding of how to apply information security principles in a variety of circumstances and expertise in translating the NIST SP 800-53 control guidelines into common technical implementations.
Develop Security Authorization Packages that are compliant with FISMA/FedRAMP requirements. Package components include: System Security Plans, Contingency Plans, Configuration Management Plans, Incident Response Plans, Privacy Impact Assessments, and Plan of Action and Milestones (POA&M)
Assist in the review and analysis of Security Authorization Packages for completeness and compliance with FISMA/FedRAMP requirements
Demonstrate the ability to lead compliance and assessment projects through the full project lifecycle, from initiation to project closure
Lead working sessions with the client and audit team to ensure expectations and direction are aligned and timelines are being met
Collaborate across multiple internal teams to ensure successful delivery of artifacts and closure of audit field work
Provide review and analysis of vulnerability scan results from tools such as Nessus, Qualys, AppDetective, WebInspect, IBM AppScan, and Burp Suite
Build a customer-focused relationship with client(s)
Experience reviewing and updating policies, standards, and procedures to ensure they are up to date and reflect current practices
Demonstrate familiarity with FISMA and the NIST SP 800 series guidelines (800-30, 800-37, 800-53 and 800-53A, 800-60, etc.)
SOC 2
Reg SCI
PCI DSS
Splunk
Education/Experience Requirements:
CISSP, CEH, CASP, Security+, AWS certification, or equivalent highly desired
Bachelor's degree (preferably in Information Technology or Cyber Security) or equivalent work experience