Security Compliance Analyst Job at Solutions By Design II

Solutions By Design II Camp Springs, MD

SBD is looking for a Security Compliance Analyst to join our team supporting our government client. This position requires on-site support 1 day/week at our federal client's HQ located in Camp Springs, MD.
The successful candidate will use their skillset to assist the client with supporting all aspects of the execution and oversight of its Continuous Monitoring/Ongoing Authorization Program, including evaluating compliance with security policy and guidance, identifying risk events within the enterprise portfolio, reporting on compliance and risk-related data, and escalating non-compliance in accordance with documented procedures. The Analyst will also support the security activities associated with evaluating, implementing, and managing security practices and continued operations of new and existing technologies across the Enterprise. This position is required to interface directly with Information System Security Officers (ISSOs) and Federal employees.
Responsibilities Include:

  • Develop and maintain documentation and guidance (i.e., SOPs, training materials) in support of the client's Risk Management Strategy, Continuous Monitoring/ Ongoing Authorization Program.
  • Develop memos and other governing documentation necessary to promote and support the client's Risk Management Program to include assigned responsibilities.
  • Execute and provide general support to the client in monitoring system compliance and the requirements of the client's Risk Management Program.
  • Assist Information System Security Officers (ISSOs) across the organization in developing an understanding of executing system monitoring and compliance related duties.
  • Monitor and review NIST guidance and DHS policies for changes and evaluate potential impacts on the client's Risk Management Program.
  • Act as a conduit among other Information Security groups, internal to the client's organization, to facilitate the client's mission, including but not limited to the goals of the client's Risk Management Program.
  • Conduct research, outreach, and develop responses to priority data calls pertaining to security issues and events.
  • Using automated tools, monitor the security posture of all systems in the client's portfolio, identify risk events, and escalate accordingly, recommending mitigation solutions if/as appropriate.
  • Provide support to the Weakness Remediation/Plan of Actions and Milestones (POA&M) Program, including but not limited to assisting system teams with identifying/investigating root causes and remediation plans, drafting weakness descriptions for POA&Ms, reviewing waiver documentation, maintaining accurate reporting for the program, and other duties as assigned and documented in the POA&M SOP.
  • Develop training materials and deliver formal and informal training to ISSOs to facilitate a broad understanding of best practices in executing ISSO assigned duties.
  • Prepare documentation and materials to support the operations of FedRAMP compliance requirements throughout the organization.
  • Develop briefings and presentations for Government PM and Executive Management.
  • Perform other duties as assigned by the Government.
  • Revise, edit, or update security authorization documentation and presentations.
  • Develop a thorough understanding of the audience and the documentation required by meeting with colleagues and working with managers to discuss technical problems.
  • Research and build knowledge about products, services, technology, or other concepts aligning to our client's forward-looking strategies.
  • Determine the clearest and most logical way to present information and instructions for greatest reader comprehension; write and edit technical information accordingly.
  • Meet with SMEs in order to ensure that specialized topics are appropriately addressed and discussed.

Required Experience and Qualifications:

  • Bachelor's Degree in Information Technology or related field.
  • 5+ years of specialized experience in one of the following positions: Information Systems Security Officer, Information Systems Security Engineer, Information Systems Security Auditor, or Information Systems Security Manager, supporting clients in the federal government.
  • Previous experience supporting Department of Homeland Security federal clients.
  • Previous experience using one or more of the following tools: Do CSAM, tenable.io, Splunk Enterprise v 7.3 and higher, JIRA/ Confluence.
  • Working knowledge of the NIST SP 800-37 Risk Management Framework.
  • In-depth knowledge of the NIST SP 800-53 and direct experience applying the NIST SP 800-53 to document and evaluate IT system compliance with specified control requirements.
  • Works well independently and possesses a solid understanding of cyber security concepts.
  • Ability to work efficiently and effectively in a dynamic and fast-paced environment.
  • Ability to communicate clearly and effectively via written and verbal communication in both formal and informal situations.
  • Possess a deep understanding of Security Regulations, such as the NIST Publications and OMB Security related documents.
  • Ability to adapt to frequent changes in priorities, follow project schedules, meet established deadlines, and proactively communicate risks and issues to the Contractor PM and/or Federal Leads.
  • Ability to adapt to an Agile environment and provide quality, professional deliverables in a short timeframe with little to no guidance from the Government.
  • Possess good listening skills and the ability to detect explicit and implicit needs and wants of the client.
  • Demonstrated ability to exercise good judgment, prioritize multiple tasks, and problem solve under pressure of deadlines and resource constraints.
  • Ability to work independently and function as an integral part of the team.
  • Possess strong analytical and critical thinking skills with the ability to apply them to the client/ contract workspace.
  • Ability to clearly communicate to other Security Compliance Analysts (Federal and Contractor) as well as to Branch Chiefs.
  • Must have previous client-engagement experience.
  • Must be a US Citizen with suitable eligibility for an agency-specific Public Trust clearance. This must be obtained prior to starting.
  • CISSP, CISA, CISM, and/or similar certification preferred, but not required.
  • Must reside within a commutable distance to Camp Springs, MD in order to work onsite at least 1 day/week.
  • Must be able to pass a comprehensive background check.

Job Type: Full-time



