Information Security Analyst

About The Position

Requirements

• Ability to obtain a Public Trust and EOD.
• Bachelor and three (3) years' or Master and (2) years' experience
• Three (3) years of experience working in information security or compliance, NIST, FISMA, ATO experience.
• Technical understanding of IPv6 security requirements and associated network protocols.
• Expert-level knowledge of Zscaler security solutions and their implementation in enterprise environments.
• Ability to work closely with cross-functional stakeholders
• Ability to communicate effectively, in writing and verbally, to target audiences, including customers, partners, auditors, executive management, vendors, and peers.

Nice To Haves

• Work experience with ISO 27001 compliance standard Experience working with Security Controls across at least some of the following domains:
• Access Management, Encryption, Risk Management, Network Security, Configuration Management, Patch Management, Change Management, Awareness & training, BC/DRP, etc.
• Ability to balance risk, potential impact, resourcing, business drivers, and timelines Advanced degree in computer science, information technology or Information security
• Participate in defining, collecting, and tracking various Security Metrics Support vendor management, including vendor risk assessments and security reviews.
• Ability to prioritize in a highly dynamic work environment.

Responsibilities

• Provide guidance to ensure project compliance to the United States Government Baseline (USGCB) for IT Security, taking into account agency policies, default configurations and settings, IPv6 security capabilities, and any other potential IPv6 requirements.
• Provide technical expertise of computer security laws, mandates, standards and policies in accordance with the Federal Information Security Management Act (FISMA) as amended, National Institute of Standards and Technology (NIST) Special Publications (SPs), Office of Management and Budget mandates, the Department of the Treasury policies for information security requirements and Federal Risk Management Program (FedRAMP) authorization process.
• Utilize technical expertise of computer theories, principles, practices and industry standards to complete computer security related functions that include certification and accreditation of government information and telecommunications system, IT disaster recovery and business continuity planning, and risk management activities.
• Represent the project in internal and external meetings, working groups, and integrated project teams to provide IT security compliance requirements.
• Help in evaluating relevant global standards, compliance frameworks and regulations to analyze existing controls; identify areas for improvement; and design control growth.
• Participate in internal security and compliance program and track recurring controls.
• Help support customer security reviews, RFPs and external security and privacy inquiries.
• Help support internal/external audits and evidence collection.
• Document new and update existing policies, procedures, standards and resources.
• Participate in Security awareness program, train personnel on data security & privacy related processes and responsibilities.
• Participate in defining, collecting and tracking various Security Metrics Support vendor management, including vendor risk assessments and security reviews.
• Ability to prioritize in a highly dynamic work environment