Ipkeys Technologies

posted about 2 months ago

Full-time - Mid Level
Professional, Scientific, and Technical Services

About the position

The CyberSecurity Assessment and Authorization Analyst plays a crucial role in supporting the Department of Health and Human Services, specifically the Indian Health Service (IHS). This position is primarily responsible for executing and assisting in the completion of security certifications, as well as providing support in the development and implementation of a comprehensive program to manage compliance with government regulations. The analyst will conduct annual security controls effectiveness testing, document findings, and monitor remediation efforts across all systems in accordance with established policies and procedures.

In addition to testing, the analyst will engage in significant research, evaluation, and documentation development, which includes creating security assessment reports, methodologies, briefings, and presentations. The role also involves conducting information security audits and risk assessments on customer systems and networks, ensuring that documentation aligns with the National Institute of Standards and Technology (NIST) guidelines and the Risk Management Guide for Information Technology Systems. The analyst will be responsible for reviewing and updating security and contingency plans annually, making recommendations to address any identified deficiencies.

Furthermore, the analyst will assist system owners in developing security authorization packages that comply with NIST guidelines and organizational standards. This includes evaluating the implementation of security controls, preparing security authorization packages, and ensuring compliance with federal regulations such as FISMA, HIPAA, and OMB mandates. The analyst will also be tasked with reviewing and updating risk assessments in response to significant changes in systems or networks, ensuring that customer information and systems are adequately protected from unauthorized access and other threats.

The role requires effective communication skills to brief staff on compliance areas, corrective recommendations, and plans of action to address deficiencies. The analyst will analyze major IT systems from a security perspective throughout the systems development lifecycle and will be responsible for maintaining a neat and orderly work environment, reporting any unsafe conditions, and participating in self-development through available training opportunities.

Responsibilities

  • Conduct annual security controls effectiveness testing and document findings.
  • Advise and monitor remediation efforts on all systems in accordance with established policy and procedures.
  • Conduct research, evaluation, and documentation development such as security assessment reports and methodologies.
  • Perform information security audits and risk assessments on customer systems and networks, documenting in accordance with NIST guidelines.
  • Review and update security and contingency plans annually, making recommendations to address deficiencies.
  • Assist system owners in developing security authorization packages compliant with NIST guidelines.
  • Evaluate the implementation of security controls as required by NIST and prepare security authorization packages.
  • Assist in meeting mandates and directives related to federal regulations such as FISMA and HIPAA.
  • Review and update risk assessments when significant changes occur to systems or networks.
  • Ensure customer information and systems are protected from unauthorized access and provide documented results to staff.
  • Analyze major IT systems from a security perspective during the systems development lifecycle.
  • Review standard security configurations for compliance with federal directives and best practices.
  • Participate in self-development through available training opportunities.
  • Maintain a neat and orderly work area and report any unsafe conditions.

Requirements

  • Bachelor's degree in Computer Science or a related field of study.
  • Minimum of eight (8) years of relevant experience in information security.
  • At least four (4) years of certification and accreditation (C&A) compliance / Security Assurance (SA) experience based on NIST standards.
  • In-depth knowledge of NIST SP 800 series and FedRAMP guidance and standards.
  • Excellent verbal and written communication skills for preparing reports and interacting with diverse audiences.
  • Strong critical thinking skills to identify, analyze, and resolve complex issues.

Nice-to-haves

  • CAP, CISSP, CISM, CISA, SANS GIAC, Security+, Network+, Linux+, MCSE, CCNA or SSCP certifications preferred.
  • Ability to work in a fast-paced environment and learn new knowledge related to incident response and continuous monitoring capabilities.
  • Highly organized with the ability to manage multiple projects and priorities.

Benefits

  • Medical
  • Dental
  • Vision
  • 401(k)
  • STD/LTD/AD&D
  • Employee Assistance Program (EAP)
  • Paid Time Off (PTO)
  • Training and Development Opportunities