Unclassified - New York, NY

posted about 2 months ago

Full-time - Mid Level
New York, NY

About the position

The CyberSecurity Assessment and Authorization Analyst plays a crucial role in supporting the Department of Health and Human Services, specifically the Indian Health Service (IHS). This position is primarily responsible for executing and assisting in the completion of security certifications, as well as providing support in the development and implementation of a comprehensive program to manage compliance with government regulations.

The analyst will conduct annual security controls effectiveness testing, document findings, and monitor remediation efforts across all systems in accordance with established policies and procedures. In addition to testing, the analyst will engage in significant research, evaluation, and documentation development, which includes creating security assessment reports, methodologies, briefings, and presentations. The role involves conducting information security audits and risk assessments on customer systems and networks, ensuring compliance with NIST standards and the Risk Management Guide for Information Technology Systems. The analyst will also be responsible for reviewing and updating security and contingency plans annually, making recommendations to address any identified deficiencies.

The analyst will assist system owners in developing security authorization packages that comply with National Institute of Standards and Technology (NIST) guidelines and organizational standards. This includes evaluating the implementation of security controls as required by NIST and preparing security authorization packages using approved customer templates. The analyst will also assist in meeting various federal mandates and directives related to security, including FISMA, HIPAA, OMB mandates, and HSPD, ensuring that customer information and systems are adequately protected from unauthorized access and other threats.

Regular briefings will be provided to staff, detailing areas of conformance to directives and corrective recommendations for deficiencies. The position requires a commitment to personal development through available training opportunities and adherence to company policies and guidelines to maximize personal output. The analyst is also expected to maintain a safe and orderly work environment, reporting any unsafe conditions to supervisors and taking corrective actions as necessary. Overall, this role is integral to fostering a culture of compliance and security within the organization, ensuring that all operations align with federal regulations and best practices in information security.

Responsibilities

  • Conduct annual security controls effectiveness testing.
  • Document findings and monitor remediation efforts on all systems according to established policies and procedures.
  • Conduct research, evaluation, and documentation development such as security assessment reports and methodologies.
  • Conduct information security audits and risk assessments on customer systems and networks, documenting in accordance with NIST standards.
  • Review and update security and contingency plans annually, making recommendations to address deficiencies.
  • Assist system owners in developing security authorization packages compliant with NIST guidelines.
  • Evaluate the implementation of security controls as required by NIST.
  • Prepare security authorization packages using approved customer templates.
  • Assist in meeting federal mandates and directives related to security compliance.
  • Review and update risk assessments when significant changes occur to systems or networks.
  • Ensure customer information and systems are protected from unauthorized access and threats.
  • Provide briefings and documented results to staff regarding compliance and corrective recommendations.
  • Analyze major IT systems from a security perspective during the system development lifecycle.
  • Review standard security configurations for compliance with federal directives and best practices.
  • Engage in self-development through available training opportunities and maintain a safe work environment.

Requirements

  • Bachelor's degree in Computer Science or a related field.
  • Minimum of eight (8) years of relevant experience in information security.
  • At least four (4) years of experience in certification and accreditation compliance or Security Assurance (NIST based).
  • In-depth knowledge of NIST SP 800 series and FedRAMP guidance and standards.
  • Highly organized with the ability to manage multiple projects and priorities effectively.
  • Ability to work in a fast-paced environment and learn new knowledge related to incident response and continuous monitoring.
  • Excellent verbal and written communication skills for preparing reports and interacting with diverse audiences.
  • Strong critical thinking skills to identify, analyze, and resolve complex issues.
  • Working knowledge of OMB, FISMA, FIPS, HIPAA, and other federal regulations related to Information Security.

Nice-to-haves

  • CAP, CISSP, CISM, CISA, SANS GIAC, Security+, Network+, Linux+, MCSE, CCNA or SSCP certifications.

Benefits

  • Medical
  • Dental
  • Vision
  • 401(k)
  • STD/LTD/AD&D
  • Employee Assistance Program (EAP)
  • Paid Time Off (PTO)
  • Training and Development Opportunities