Information Security Compliance Analyst

About The Position

Requirements

• HS/GED.
• Seven years of related experience with a minimum of 2 years of relevant cybersecurity experience, including compliance assessment and planning through the STIG and POA&M process.
• Hold a current Security+ or IAM/IAT equivalent level certification.
• Have two or more years of experience working with the RMF, DAAPM/DAAG , NISPOM, JSIG or other equivalent security frameworks.
• US Citizen.
• Applicant selected will be subject to government security investigation and must meet eligibility requirements for access to classified information at the level appropriate to the project requirements of the position. Employment will be contingent on selected applicant submitting application for access and receiving notification of eligibility within a time period to be specified in the job offer. If eligibility is confirmed within the specified period, employment must begin within 30 days of confirmation of eligibility. Eligibility for access to classified information must continue without interruption during employment.

Nice To Haves

• Bachelor's in Computer Science, Cyber Security, or related field.
• Previous experience as an Auditor, ISSO, ISSE, Security Architect, or Information Security Analyst.
• Held cybersecurity positions in classified DoD environments for more than four years.
• Have four or more years of experience working with Linux environments.
• Eligibility for immediate access to classified information at the level appropriate to the project requirements of the position.
• Experience with vulnerability/compliance scanning tools (ACAS/Nessus, Retina, MBSA, SCAP etc.).
• Experience with the implementation of STIG/SRG compliance configurations.

Responsibilities

• Responsible for ensuring classified systems follow government and ARL regulations while meeting program demands and operating in an accredited state.
• Assist in daily IT governance, risk management, and compliance function.
• Providing oversight of compliance assurance, for the daily administration of information security measures in compliance with the NISPOM, DAAPM/DAAG , JSIG, DISA, and other relevant system security requirements to include those under the Risk Management Framework (RMF).
• Responsible for assisting in ensuring that classified information systems meet the Risk Management Framework requirements for National Security computing environments as defined by the National Institute of Standards and Technology 800-Series, the Defense Counterintelligence and Security Agency Assessment and Authorization Process Manual, the Joint Special Access Program Implementation Guide (JSIG), and other governing bodies.
• Conducting continuous monitoring reviews, and self-assessments of classified information systems and their applicable security controls to ensure both government and ARL policy compliance.
• Assist in updating, and maintaining system level Plan of Action and Milestones (POA&M) through compliance checks, STIG and SCAP reviews, and Nessus Scanning.
• Responsible for drafting detailed reports of compliance and self-inspections outcomes, for upper management review.
• Other related functions as assigned.

Benefits

• 100% employer-paid basic medical coverage
• Retirement contributions
• Paid vacation and sick time
• Paid holidays