Information Assurance Compliance Analyst 3

About The Position

Requirements

• TS/SCI with Agency Appropriate Polygraph
• Five (5) years experience working as an Information Assurance Analyst for an information technology, information assurance, or information management program
• Bachelor’s degree in cyber security, computer science, management information systems or related IT field
• CompTIA CISSP certification
• An additional certification in one (1) of the following: CompTIA Security+ CE, Global Information Assurance Certification (GIAC) Security Essentials Certification (GSEC) ISC2 Systems Security Certified Practitioner (SSCP) Cisco Certified Network Associate (CCNA) Security

Responsibilities

• Oversee, evaluate, and support documentation, validation and accreditation processes necessary to assure that new information technology (IT) systems meet the organization’s information assurance (IA) and security requirements
• Ensure appropriate treatment of risk, compliance, and assurance from internal and external perspectives
• Verify documentation and databases to ensure device inventory information, serial numbers, IP addresses, device physical and logical locations, cable information, rack elevation diagrams, and architectural diagrams are accurate
• Support Authorization and Accreditation processes for NSA boundaries
• Support all phases of the Risk Management Framework (RMF)
• Lead and document maintenance of system security postures, patching, compliance with Security Technical Implementation Guides (STIG), and ensure the maintenance of the Authority to Operate
• Ensure all cyber security issues are identified and promptly resolved
• Maintain the security posture of applications and infrastructure considering Information Assurance Vulnerability Alerts (IAVA) and Cyber security Task orders (CTOs)
• Perform a monthly review of security scans of all NSA boundary applications/assets that are provided by the IAVA scanning team
• Provide a comprehensive Risk Management Plan to address, identify, assess and provide prioritization of risks
• Conduct Command Cyber Readiness Inspection (CCRI) to include Preparation, Review, Continual Improvement, and CCRI Site Assist Visit
• Identify, report, and resolve security violations
• Establish and satisfy information assurance and security requirements based upon the analysis of user, policy, regulatory and resource demands
• Perform vulnerability/risk analysis of computer systems and applications during all phases of the system development life cycle

Benefits

• The company automatically contributes an additional 10% of each employee's gross compensation to the company SEP IRA plan, with no requirement for employee matching
• All contributions are fully vested from day one, ensuring immediate ownership of retirement funds
• A Choice of CareFirst BlueChoice Medical Plans, some with Health Savings Account (HSA)
• CareFirst Preferred Dental
• CareFirst BlueVision