Company: Macro Solutions

Address: Bethesda, MD
Salary: $98.8K - $125K a year
Category: Information Technology

Job description

Macro Pros is seeking an Information Security Compliance Analyst / Authorization and Accreditation (A&A) Specialist for a long-term engagement in Bethesda, MD. The work location schedule is Monday on-site and Tuesday through Friday remote. Must be a US Citizen and able to pass a standard background check for a Public Trust Clearance.
In this role, you will (1) analyze, review, monitor, and reassess the adequacy of Information Security controls across the organization; (2) execute technical risk assessments using NIST SP 800-30 methodology against a variety of organization units, entities, business units, technologies, data centers, etc.; (3) perform security audits, internal security assessments, risk assessments, and support the management of independent external security audits; and (4) develop alternative methods of reporting assessment results to meet executive leadership requirements.
Responsibilities:

  • Advise on and help establish sound Information Security processes and controls for the project according to federal Information Security policies, practices, and standard operating procedures (SOP), and engage with the implementation teams to ensure that the solutions designed, built, deployed, operated, and maintained adhere to the same Information Security requirements.
  • Verify that the Information Security controls implemented by and in connection with the enterprise technology solutions deployed are operated as designed.
  • The individual will liaise with the authorization and accreditation (A&A) team at the client to ensure control requirements are understood and addressed and coordinate responses to A&A assessments in connection with the authority to operate (ATO) for new solutions deployed.
  • Organize and conduct Information Security control assessments to validate ATO and audit readiness of the project and the enterprise technology solutions to be deployed. They will engage project management, project team leads, and client stakeholders as appropriate in conducting assessments, sharing results, and validating remediation of control weaknesses.
Qualifications:
  • Minimum of 3 years of experience consulting to the US Federal government, evaluating the security posture of information systems in accordance with federal Information Security requirements and industry leading guidance and providing risk-based observations and recommendations for information systems security, controls, and operation in connection with conducting A&As for ATOs
  • Demonstrated comprehension and application of standards and guidance per the National Institute of Strategy and Intelligence (NIST), the Committee on National Security Systems (CNSS), and the Federal Information Security Modernization Act (FISMA) following Federal Information System Controls Audit Manual (FISCAM) and the Government Accountability Office (GAO) Standards for Internal Control in the Federal Government ("Green Book"), NIST Special Publications (SP) 800-37 and 800-53, and NIST Federal Information Processing Standards (FIPS) 199 and 200
  • Demonstrated experience working with information system stakeholders, helping them understand Information Security requirements related to federal and industry standards, i.e., NIST, DHS 4300A, CNSS, and design and operate Information Security controls
  • Demonstrated experience assessing information system risks and controls and identifying information system control design and operation weaknesses
Client Requirements:
  • Bachelor's degree in Computer Science, Information Systems, Engineering, Business, or other related scientific/technical discipline is contractually required
  • Certified Information Systems Auditor (CISA) certification
Refer code: 9004608. Macro Solutions - The previous day - 2024-04-13 09:46
