Senior IT Risk and Compliance Analyst

NORC at the University of Chicago
Washington DC, WA
Hybrid

About The Position

NORC at the University of Chicago seeks a Senior IT Risk and Compliance Analyst to join our DSS Security and Compliance group. The successful candidate will be part of an IT Risk and Compliance team, expert in government security standards and regulations. The team is responsible for specifying, documenting, validating, and maintaining IT security & privacy controls to ensure compliance with security requirements of clients (principally Government) and corporate standards for data and systems integrity. The team develops and implements tools and processes to measure and track IT risk and compliance metrics. The team provides guidance to IT functional teams on risk and compliance as it pertains to system development, documentation, testing, monitoring, and reporting. The team conducts risk assessments and security impact analyses of information systems.

This is a hybrid role based in our Chicago Loop or Washington, DC office, with a minimum of six days per month in the office. Remote candidates may also be considered. Qualified applicants must be U.S. citizens due to security clearance requirements for projects.

NORC's Digital Services & Solutions group provides technology services to our staff and clients. Given the critical role technology plays in our day-to-day lives, we are committed to providing professional, high-quality solutions in order to further our collective goal of advancing social science research.

Requirements

  • Bachelor’s degree in Computer Science, Information Technology, or a related field (or equivalent years of experience).
  • Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or similar certifications.
  • Minimum of 4 years of experience in information security roles, emphasizing security architecture and engineering solutions.
  • Proven experience in performing network penetration testing, vulnerability scans, and configuration analysis.
  • Experience overseeing project penetration testing activities.
  • Experience coordinating communications across vendors, internal stakeholders, and program owners.
  • Experience using CSAM ATO.
  • In-depth knowledge and experience guiding information systems through the Authorization to Operate (ATO) process: proficient in navigating the complex landscape of ATO processes, with a successful track record of obtaining authorizations for information systems.
  • Extensive knowledge of the steps involved in the ATO process, ensuring compliance with government regulations and standards, including NIST Special Publications and FISMA.
  • A proven ability to streamline and expedite ATO timelines without compromising security standards, showing efficiency in documentation and regulatory adherence.
  • Expertise in developing and presenting comprehensive ATO documentation, including System Security Plans, to accrediting authorities and other relevant stakeholders.
  • Demonstrated skill in addressing and mitigating security risks identified during the ATO process, ensuring the secure operation of systems in various environments.
  • Exceptional communication skills to articulate ATO requirements, progress, and challenges to both technical and non-technical stakeholders, fostering collaboration and understanding.
  • Demonstrated experience in developing threat models and security risk assessments.
  • Ability to recommend mitigations and countermeasures to address identified risks, vulnerabilities, and threats.
  • Experience conducting incident response across vendors, internal stakeholders, and program owners, including implementing and coordinating the response plan, overseeing the technical response, and coordinating with legal, technical, and communications teams.
  • Thorough understanding and experience with government regulations and standards related to information security.
  • In-depth knowledge of security compliance checks and the ability to perform audit activities.
  • Experience in reviewing and validating security documentation, including system security requirements definition and System Security Plans.
  • Experience conducting penetration testing across multiple vendors, contractors, and consultants that meet stringent client requirements.
  • Strong communication skills with the ability to guide NORC customers on information security policies and regulations.
  • Ability to effectively communicate complex security concepts to both technical and non-technical stakeholders.
  • Must be a U.S. citizen due to security clearance requirements for projects.

Nice To Haves

  • Preferred experience as an ISO for federal programs and projects.

Responsibilities

  • Work with the team in specifying, documenting, validating, and maintaining IT security & privacy controls to ensure compliance with security requirements of clients (principally Government) and corporate standards for data and systems integrity.
  • Help develop and implement tools and processes to measure and track IT risk and compliance metrics.
  • Provide guidance to IT functional teams on risk and compliance as it pertains to system development, documentation, testing, monitoring, and reporting.
  • Assist the team with conducting risk assessments and security impact analyses of information systems.

Benefits

  • Generously subsidized health insurance, effective on the first day of employment
  • Dental and vision insurance
  • A defined contribution retirement program, along with a separate voluntary 403(b) retirement program
  • Group life insurance, long-term and short-term disability insurance
  • Benefits that promote work/life balance, including generous paid time off, holidays, paid parental leave, bereavement leave, tuition assistance, and an Employee Assistance Program (EAP).