Analyst, Cyber And Compliance

Position Title: Cyber and Compliance Analyst

POSITION SUMMARY:

The Analyst, Cyber and Compliance:

• Is expected to be a NIST/FedRAMP reporting and Compliance subject matter expert;
• assists the business through all FedRAMP processes while evaluating compliance, providing technical evaluation, and ensuring the highest quality products are produced for reuse across the federal government entities; and
• creates, edits, updates, and reviews all FedRAMP documentation for completeness, compliance, and risk acceptance criteria.

DUTIES AND RESPONSIBILITIES: 

Essential Duties:

• Works with stakeholders to ensure the system security posture and documentation meets the high standards of FedRAMP.
• Assists in managing multiple projects and communicating project deliverables and expectations to others while applying expertise and experience.
• Serves as part of a team that has routine contact with multiple stakeholders on assigned projects, leveraging others’ knowledge of DSS operations and business.
• Regularly builds/uses strong collegial networks to improve quality, and shape new corporate objectives as well as manages uncertainty and risks in difficult situations, relationships, and problems.
• Employs the ability to communicate, diagnose, and facilitate consensus in a variety of situations, setting clear expectations for execution and Compliance with framework requirements.
• Defines and leads the development of an operational framework for a FedRAMP high system to assess the maturity and audit readiness for each Product Offering.
• Helps define roadmaps and documentation for each Product Offering to achieve and maintain FISMA/FedRAMP compliance accreditations.
• Assists in the development and implementation of programs to measure and assess compliance in alignment with DSS policy and regulatory requirements.
• Acts as a subject matter expert for Federal and other External Compliance initiatives.
• Actively maintains cross organizational partnerships to drive continual improvements to keep pace with business and regulatory needs.

SECURITY AND PRIVACY DUTIES AND RESPONSIBILITIES

• Individuals working for DSS will be subject to security and privacy requirements as explained in HIPAA, FedRAMP, and NIST 800-53. Additionally, they are required to undergo specific FedRAMP training to ensure compliance with all associated controls and responsibilities in the day-to-day performance of their duties. Individuals working in departments that are considered to be in the high risk category will be required to undergo advanced training based on their role and level of access. Individuals with access to modify data and the configuration baseline will require further training.

The preceding functions are examples of the work performed by employees assigned to this job classification.  Management reserves the right to add, modify, change or rescind work assignments and make a reasonable accommodation as needed.

QUALIFICATIONS:

Skills:

Required:

• A deep understanding of requirements, controls, and accreditation process for: 
  • Federal Information Security Modernization Act (FISMA),
  • Federal Risk and Authorization Management Program (FedRAMP), and,
  • Security Technical Implementation Guide (STIG), and NIST guidelines.
• Working knowledge of cybersecurity policies and industry best practices, and risk analysis.
• The ability to establish and address priorities based on the evolving needs of the business.
  The ability to document complex processes and lead enablement activities for a variety of audiences.
• Communicate factually and efficiently across a broad spectrum of.

Desired:

• NIST Risk Management Framework in complex information system and organizational environments.
• Ability to work independently and with a small team.
• Ability to meet tight deadlines.
• Demonstrated current broad-based understanding of security architecture, computer technology, design, standards, and products based on both solid formal training and experience.
• Interest and aptitude to seek and assume higher levels of technical responsibility.
• Able to manage time effectively across more than one initiative and apply sound technical judgment.
• Demonstrated increasing levels of responsibility.
• Strong written communication, for both technical and non-technical audiences.
• Evidence of flexibility and adaptation to changes in processes, requirements, and priorities.

Education:

• Required:
  • Bachelor’s degree (or higher) preferred; equivalent combinations of work experience and\or education will be considered.
• Desired:
  • Any additional training orapplicable education.

Certification(s), Licenses:

• Required:
  • None
• Desired:
  • CISSP, CCSP, CISA, or similar advanced cybersecurity certifications

Years of experience in a similar role:

• Required:
  • 5 + years
• Desired:
  • Any additional experience in a similar role

PHYSICAL DEMANDS:

Standing

10% per day

Sitting

90% per day

Walking

10% per day

Stooping

5% per day

Lifting

Up to 15 lbs per day – computer, equipment etc.

Up to 50 lbs unassisted while on travel up to 5% per year

Computer Work

75% per day

Telephone Work

25% per day

Reading

20% per day

Other, please specify

• Travel unassisted up to 5% per year, via common carrier and/or personal automobile.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

If you need an accommodation seeking employment with DSS, Inc., please email jobs@dssinc.com or call (561) 284-7373. Accommodations are made on a case-by-case basis.