Bravura Information Technology Systems - Sacramento, CA
posted 4 months ago
The Information Systems Owner/Information Security Analyst position is a critical role that supports the Customer's IT staff in managing both classified and unclassified networks. This role is essential for enabling the development functions necessary to meet the requirements of critical Department of Defense (DoD), Special Operations, and Intelligence missions. The analyst will collaborate closely with information owners (IOs), user representatives, and end-users to identify computing requirements, budgetary estimates, and project timelines, ensuring alignment with the Information System Security Officers (ISSOs) in the IT Branch. In this role, the analyst will support Risk Management Framework (RMF) initiatives, which are vital for maintaining the security and integrity of information systems. The responsibilities include developing hardware and software life cycle business cases and managing assigned projects within the constraints of scope, schedule, and budget. The analyst will also be responsible for developing, maintaining, updating, and tracking the System Security Plan (SSP) for assigned Information Systems (IS) and Platform Information Technology (PIT) Systems. The position requires planning and developing budgetary estimates for the implementation, assessment, and sustainment of security controls throughout the system life cycle. This includes effective configuration and vulnerability management. The analyst will ensure that system security engineering standards are adhered to in the design, development, implementation, integration, modification, and testing of system architecture, in compliance with organizational standards. Additionally, the role involves documenting systems that cannot be made compliant and assisting the ISSO in preparing risk acceptance documents. The analyst will work with the IO and ISSO to identify and document the appropriate level of protection for data, including the use of encryption. They will also identify potential impacts to existing Authorizations to Operate (ATOs) and establish media sanitization procedures. The role requires the identification of processes, procedures, and guidelines for compliance with protection requirements, incident management reporting, remote access requirements, and the management of encryption use. Furthermore, the analyst will assist the Program Manager/System Manager (PM/SM), IO, and Information System Security Manager (ISSM) in preparing the final package needed for the Authorizing Official (AO) to make authorization decisions. Ensuring that authorized users and support personnel receive appropriate cybersecurity training prior to gaining access to systems is also a key responsibility.