Information Security Analyst Sr Advisor

About The Position

Requirements

• Proactive leader who can ensure the security and compliance of DOS systems while managing a team and coordinating with various stakeholders.
• Ideal candidate will demonstrate strong problem-solving skills, attention to detail, and the ability to work under pressure in a fast-paced environment.
• Extensive knowledge in adhering to security policies and procedures, including DOS FAM/FAH guidelines.
• Proven experience in managing ISSO security operations and ensuring security compliance.
• Familiarity with tools such as ServiceNow, ArchAngel, and Xacta for ticketing and A&A processes.
• Strong leadership and coordination skills to manage a team and liaise with multiple DOS offices and bureaus.
• BA/BS degree and/or 10+ years of experience in information security.
• Minimum of a Secret security clearance.
• Availability to obtain a Top Secret security clearance.

Nice To Haves

• Preferred Certification: ISC2 Certified in Governance, Risk and Compliance (CGRC).
• Availability to obtain ITIL (Information Technology Infrastructure Library) v4 Foundations certificate.

Responsibilities

• Supervise and manage a team of 5 to 8 security staff, ensuring effective coordination and collaboration between the Assessment & Authorization (A&A) and the Security Operations (OPs) teams.
• Provide support to the DoS Diplomatic Technology/Enterprise Services/Customer Care and Services (DT/ES/CCS) Information System Security Officers (ISSOs) for both new and existing systems, applications, networks, both on-premises and within a Federal Risk and Authorization Management Program (FedRAMP) cloud.
• Provide day-to-day guidance and support to the DT/ES/CCS SM Ops contract staff in support of our customer, the Consolidated ISSO, ensuring efficient operations and adherence to security protocols.
• Oversee CCS security operations team. Deliver support to CCS as it relates to the management of user accounts, access permission, security group management, and related auditing and reporting.
• Oversee the ATO processes for 7 separate Authorization-To-Operate (ATO) boundaries, ensuring compliance with all relevant security standards and policies.
• Manage and monitor security authorization, compliance, and auditing activities for the ATO boundaries.
• Conduct regular security audits and assessments to identify and mitigate potential security risks.
• Escalate project issues to the ISSOs and the Authorizing Official Designated Representative (AODR).
• Execute thorough Quality Assurance (QA) of all ATO documentation, either in the ArchAngel and Xacta-C chosen management tools, to execute the Risk Management Framework (RMF) framework.
• Review security controls in accordance with the NIST SP 800-53, Revision 5, and provide implementation recommendations.
• Be familiar with the following DoS tools: ArchAngel, Xacta-C, iMatrix, and iPost.
• Prepare and document RMF Steps 1 through 3 activities in ArchAngel or Xacta-C tools required for NIST SP 800-53 Rev. 5 control families.
• Working knowledge of ServiceNow.
• Assist, as necessary, in RMF Step 4, 5, & 6 activities in ArchAngel or Xacta-C tools.
• Develop and review Privacy Impact Assessments (PIAs) and Privacy Act Statements (PASs) prior to submission to the Privacy Office.
• Interpret and analyze complex system/network architecture diagrams.
• Perform analyses to validate established security requirements and recommend additional security requirements and safeguards.
• Collect evidence to support implementation of system baseline security controls and perform analysis on evidence to ensure compliance with the SSP and RMF designs.
• Stay current with emerging security trends, technologies, and best practices to continuously enhance the organization's security posture.
• Foster a culture of security awareness and vigilance within the organization.

Benefits

• Medical plan options, some with Health Savings Accounts.
• Dental plan options.
• Vision plan.
• 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match.
• Full flex work weeks where possible.
• Paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave.
• Short and long-term disability benefits.
• Life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance.