POSITION DESCRIPTION:
Reports to the Information Technology Security Team Project Manager. The Information Security Analyst acts as a consultant, interfacing between the customer and IT security consulting team throughout the federal information system certification and accreditation life cycle. Responsible for NIST certification and accreditation as primary task area. Provides internal status reports, enforces quality control of project deliverables, and implements efficient processes and procedures for continuing improvement of services for the customer. The ideal candidate is very detail oriented with strong technical knowledge, superior writing skills, and excellent customer relationship management skills. He or she will be responsible for planning, developing, finalizing, and reviewing key deliverables in each stage of the certification and accreditation process. The Information Security Analyst will be actively engaged in identifying unique system characteristics; interviewing key organizational personnel (technical, administrative, and executive); working with consulting team to compose requisite documentation (security categorizations, risk assessments, contingency planning, etc.); and mapping complex technical requirements, functionality, and capabilities to prescribed security controls, policies, and practices. The analyst will coordinate and plan all certification and accreditation activities for existing systems and those still in development (SDLC); provide ongoing gap analysis of current policies, practices, and procedures as they relate to established guidelines outlined by NIST, OMB, FISMA, etc; work face-to-face with multiple stakeholders through interviewing, planning, or participating in a team effort to bring multiple complex projects to fruition; conduct in-depth technical reviews of new and existing IT systems in order to identify the appropriate mitigation strategies required to bring these systems into compliance with established policy and industry guidelines; and analyze business models, workflows, and organizational dimensions as they relate to the design, implementation, and support of the information system.
REQUIRED EDUCATION:
Bachelor's degree in related field and 4+ years of related experience. Must have bachelor's degree or higher; no waivers accepted.
REQUIRED SKILLS:
Knowledge and hands-on experience with IT security architecture and design (firewalls, intrusion detection systems, virtual private networking, and virus protection technologies, LAN/WAN design, and general internetworking technologies), various operating systems and hardware, and basic programming and database training. Proficiency with advanced features of Microsoft Word 2003 and other Microsoft Office Suite 2003 applications including Outlook, PowerPoint, and Excel. Experience with Adobe Acrobat Professional. Excellent technical writing skills in the English language, excellent written and oral communication skills, desktop publication skills. Ability to work with minimal supervision, set priorities, and give attention to detail and quality, flexible, strong organizational and time management skills, ability to multi-task, ability to work individually and with a team, positive attitude, self-motivated, reliable, trustworthy, strong interpersonal skills, diplomacy, and ability to handle stress in professional manner. Professional business attire is required for client site work. The candidate must possess one or more of the following certifications: CISSP, CISA, CISM, GIAC, MCSE, CCNA, CCNP, GSSP, GPEN.
DESIRED SKILLS:
Knowledge of OMB A-130, FISMA, OMB Memos, Privacy Act of 1974, HIPAA, and Sarbanes-Oxley, and NIST Special Publications 800 series, and one or more of the following certifications: ITILv3, COBIT. Experience in the financial services market is beneficial but not required.
SECURITY CLEARANCE REQUIREMENTS:
U.S. citizen and High Public Trust clearance (6C).
WORK LOCATION:
Hyattsville, MD. Travel: 0-25%.
WORK HOURS:
Day shift, Monday though Friday, 40 hours/week.