IT Compliance Analyst

About The Position

Requirements

• Must possess and maintain an active Secret Clearance. Must be able to meet security investigation and meet eligibility requirements for access to classified information.
• High School Diploma or equivalent.
• Three (3) or more years of experience executing the NIST Risk Management Framework (RMF) and/or the DoD Information Assurance Certification and Accreditation Program (DIACAP).
• Navy Cyber Security Workforce (CSWF) baseline certification at IAM Level I or a higher-level certification is required. Acceptable certifications include Security+ CE, CAP, CND, GSLC, Cloud+, and HCISPP.
• IA Contractor Training and Certification and Computing Environment (CE) certification may be required at the task order level.
• Supporting the security Assessment and Authorization/ATO process.
• Experience with reviewing, comprehending and documenting findings from ACAS (Assured Compliance Assessment Solution) Reports.
• Experience with SCAP (Security Content Automation Protocol).
• Experience with DoD Architecture Framework (DoDAF) standards and assessments of enterprise information security architecture, processes, procedures, activities, and operations.
• Experience with performing cyber security risk assessments and identifying, verifying, and consolidating specific vulnerabilities, causes, analysis of alternatives and identification of appropriate corrective actions from each risk assessment conducted.
• Experience with evaluation of Security Technical Implementation Guides (STIGs) to determine applicability to systems and assets.
• Functional expertise with Microsoft Office suite of products, including Word, Excel, PowerPoint, Visio, and Project.

Nice To Haves

• BA or BS degree from an accredited institution in related field (e.g., Management Information Systems, Information Technology, Computer Science, Math, Business, Engineering, or Physical Science, etc.)
• Prior experience with DoD Information Assurance Certification and Accreditation Program (DIACAP).
• IT project management experience supporting Navy or DoD network systems.
• Excellent oral and written communication skills, including drafting, reviewing, and editing technical graphs, briefs, or documents.
• Evidence of being detail oriented with strong critical thinking in areas of IT process analysis / process improvement.
• Possesses Good Team Skills having the ability to coordinate and work well with others.
• Working knowledge of Microsoft Visio, including the ability to create and maintain detailed diagrams and workflow visualizations in support of operational and technical requirements.

Responsibilities

• Provide package support per Naval Education and Training Commands continuous monitoring guidance.
• Establish periodic meetings/Meet with NETC Cyber RMF Team to discuss RMF timelines, tasks, and deliverables.
• Maintain eMASS Record.
• Maintain Key artifacts (Package hardware/software lists, diagrams, etc).
• Maintain other artifacts required by RMF/eMASS (Categorization Form, Contingency Plan (CP), Disaster Recovery Plan (DRP), Incident Response Plan (IRP), Vulnerability and Patch Management Plan, Privacy Impact Assessment (PIA), System Level Continuous Monitoring (SLCM) Strategy).
• Ensure MONTHLY Scans are conducted per SCA Testing Guidance.
• Ensure all assets in Hardware are scanned, and credentialed.
• Process scans utilizing the eMASSter tool.
• Ensure all applicable STIGS are conducted for all assets in the Hardware List.
• Ensure all QUARTERLY updated applicable STIGs from DISA website are implemented.
• Review findings and associate each with applicable affected security control.
• Update POAM items (See POAM Section).
• Web Risk Assessment (WRA) Scan (if applicable).
• ATO Modifications (Use Case).