Unclassified - New York, NY
posted about 2 months ago
The CyberSecurity Assessment and Authorization Analyst plays a crucial role in supporting the Department of Health and Human Services, specifically the Indian Health Service (IHS). This position is primarily responsible for executing and assisting in the completion of security certifications, as well as providing support in the development and implementation of a comprehensive program to manage compliance with government regulations. The analyst will conduct annual security controls effectiveness testing, document findings, and monitor remediation efforts across all systems in accordance with established policies and procedures. In addition to testing, the analyst will engage in significant research, evaluation, and documentation development, which includes creating security assessment reports, methodologies, briefings, and presentations. The role involves conducting information security audits and risk assessments on customer systems and networks, ensuring compliance with NIST standards and the Risk Management Guide for Information Technology Systems. The analyst will also be responsible for reviewing and updating security and contingency plans annually, making recommendations to address any identified deficiencies. The analyst will assist system owners in developing security authorization packages that comply with National Institute of Standards and Technology (NIST) guidelines and organizational standards. This includes evaluating the implementation of security controls as required by NIST and preparing security authorization packages using approved customer templates. The analyst will also assist in meeting various federal mandates and directives related to security, including FISMA, HIPAA, OMB mandates, and HSPD, ensuring that customer information and systems are adequately protected from unauthorized access and other threats. Regular briefings will be provided to staff, detailing areas of conformance to directives and corrective recommendations for deficiencies. The position requires a commitment to personal development through available training opportunities and adherence to company policies and guidelines to maximize personal output. The analyst is also expected to maintain a safe and orderly work environment, reporting any unsafe conditions to supervisors and taking corrective actions as necessary. Overall, this role is integral to fostering a culture of compliance and security within the organization, ensuring that all operations align with federal regulations and best practices in information security.