Mathematica Policy Research - Austin, TX

posted 12 days ago

Full-time - Mid Level
Hybrid - Austin, TX
Professional, Scientific, and Technical Services

About the position

Mathematica is seeking a highly organized and tech-savvy Senior Information Security Analyst to join its IT Security, Risk, and Compliance group. This role focuses on enhancing Mathematica's information security program and delivering client security services across various sectors. The analyst will advise project teams on security standards, lead compliance efforts, and contribute to the development of security documentation, ensuring alignment with government and industry best practices.

Responsibilities

  • Engage with project teams advising on development of solutions to align with prevailing security and privacy standards, guidelines, and best practices.
  • Lead security tasks on project teams with significant client-facing security responsibilities, including establishing and maintaining compliance with contractual, FISMA, and HIPAA requirements.
  • Lead the development of client and corporate security assessment and authorization documentation.
  • Lead on-premises and cloud technology risk and compliance assessments and recommend solutions to correct deficiencies.
  • Support federal clients in leading the execution of annual security and privacy assessments of third-party developed information systems.
  • Translate project security and privacy compliance requirements into tasks, prioritize assignments, and develop plans and schedules to support timely delivery.
  • Contribute security oversight to early-stage information system design planning on projects.
  • Ensure project teams integrate standardized information security principles into modern application architecture development.
  • Promote use of disciplined security testing techniques, tools, and metrics across the SDLC.
  • Interact directly with clients and partners, including HHS, large federal IT integrators, and states.
  • Develop, operationalize, and standardize security processes, including management of access to client systems and data, vulnerability management, and continuous monitoring.
  • Contribute to corporate security policies, standards, procedures, and plans, and identify opportunities to improve efficiency.
  • Actively support the advancement of organizational diversity, equity, and inclusion efforts.

Requirements

  • Bachelor's degree in computer science, software development, cybersecurity or relevant discipline preferred.
  • 5+ years of experience in security and privacy risk assessment and compliance in on-premises, cloud, and hybrid environments.
  • Possession of, or ability to obtain, professional certifications in information security or risk management (such as CISSP, CISM, or other relevant certification) is required.
  • Expertise in federal standards and regulations-compliant security and privacy programs, and Authority to Operate (ATO) processes.
  • Expert knowledge of relevant FedRAMP and NIST Special Publications.
  • Experience preparing and/or reviewing ATO documentation for federal agencies.
  • Experience reviewing security control implementations and communicating security best practices and risks associated with control deficiencies in cloud-hosted and on-premises environments.
  • Ability to collaborate effectively in a highly matrixed organization on on-premises, cloud, and hybrid security implementations.
  • Demonstrated knowledge of modern application architecture design principles and frameworks such as containerization, serverless computing, microservices, and RESTful APIs.

Nice-to-haves

  • Project management experience, including project planning, work breakdown structures, and budgeting.
  • Knowledge of new and emerging information technology (IT) and cybersecurity technologies.
  • Experience with Agile and DevSecOps approaches.
  • Familiarity with programming/scripting languages and frameworks.
  • Experience conducting vendor security assessments.
  • Experience creating and maintaining privacy and security policies (aligned to Federal requirements).
  • Experience using Jira to manage workloads and tasks and to oversee progress against established timelines and due dates.

Benefits

  • Competitive salaries
  • Comprehensive benefits package
  • Employee stock ownership plan (ESOP)
  • Discretionary bonus based on company and individual performance