Information Assurance Systems Analyst

About The Position

Requirements

• Minimum 5 years of experience with a BS/BA degree in an IT information security or compliance role in a corporate or government contractor setting. (Minimum 9 years’ experience without a BA/BS degree.)
• Strong understanding of NIST SP 800-171, CMMC Level 2, and basic DFARS cybersecurity clauses
• Knowledge of multiple federal government network security processes and procedures
• Technical background with understanding or hands-on experience in Information Technology environments and web technologies
• Excellent oral and written communications skills required for correspondence, reports, briefings, and procedures
• U.S. Citizenship (required for defense contractor compliance)
• Must have the ability to obtain and maintain a security clearance
• Cybersecurity Risk Management or Information Assurance related certifications
• Excellent written and verbal communication skills
• High school diploma or GED is required

Nice To Haves

• Professional certifications such as Security+, CISSP, CISA, or CRISC
• Familiarity with audit processes, internal controls, and security risk assessments
• Knowledge of Microsoft office applications
• Working knowledge of Confluence and Jira for task management
• BS/BA degree is preferred

Responsibilities

• Analyze and maintain System Security Plans (SSPs) with supporting documentation aligned with NIST 800-171 and CMMC practices
• Assist with regular information security control assessments, perform gap analyses, and update Plans of Action and Milestones (POA&Ms)
• Coordinate security authorization and compliance activities across IT systems and applications
• Perform ongoing information security technical reviews of applications, infrastructure, and business processes to verify compliance and identify improvements
• Recommend remediation actions, track remediation efforts, and collaborate closely with IT, DevOps, and business teams
• Execute comprehensive cybersecurity audits to ensure compliance with CMMC, DFARS 7012, NIST 800-171, and other relevant regulations
• Analyze and assess various data types, including Controlled Unclassified Information (CUI), Controlled Technical Information (CTI), Federal Contract Information (FCI), International Traffic in Arms Regulations (ITAR), and Export Administration Regulation (EAR99)
• Collaborate with system and network administrators to implement audit features that are configured and enabled correctly
• Perform third-party/vendor information security reviews as part of the procurement and onboarding process
• Review supplier security documentation and manage risks associated with external data sharing and service providers
• Participate in incident response activities, including documentation, coordination, and lessons learned reviews
• Help improve incident detection, containment, and prevention through policy, training, and technical improvements
• Utilize GRC (Governance, Risk, and Compliance) tools to document and track risk assessments, policy compliance, and mitigation efforts
• Identify and evaluate risks to information assets
• Assist in the development of risk treatment and remediation plans
• Review and analyze policy exceptions to assess impact and risk, track approvals, and monitor mitigation within target remediation timeline
• Collaborate with internal stakeholders to ensure alignment of technical and administrative controls with risk management practices
• Support the development and rollout of security awareness training to ensure users understand responsibilities and best practices
• Monitor training completion and maintain accurate compliance records
• Other duties as assigned

Benefits

• RAND considers a variety of factors when formulating an offer, including but not limited to, the specific role and associated responsibilities; a candidate’s work experience, education/training, skills, expertise; and internal equity.
• The salary range includes base pay plus RAND’s sabbatic pay (which provides additional compensation above base pay when vacation is taken).
• In addition, RAND provides strong benefits including health insurance coverage, life and disability insurance, savings plan, paid time-off and more.