The Intermediate Information Security Analyst will be an integral part of a team responsible for supporting the development and maturation of an Agency-wide information security (InfoSec) program for a large civilian Federal agency. The candidate will serve as a subject matter expert on the Risk Management Framework (RMF) and all associated information security policies and procedures, and should possess in-depth knowledge of selecting, applying, and testing the NIST family of security controls. The role leverages the existing Governance, Risk, and Compliance (GRC) tool, Telos Xacta (or an alternative such as CSAM or RSA Archer), to track and reconcile findings from assessments, audits, and vulnerability scans.
Fortinet and automation (Ansible/HPNA/scripting, etc.). Scripting, automation, and development using Ansible and Perl. Firewall and IPS experience.
The role includes implementation and maintenance of policies, as well as training and awareness, plus vendor risk management responsibilities. It emphasizes the application of privacy, security, business resiliency, and compliance frameworks, including but not limited to FFIEC (Federal Financial Institutions Examination Council), Sarbanes-Oxley (SOX), the Gramm-Leach-Bliley Act (GLBA), Service Organization Controls (SOC) 2, PCI-DSS, and ITIL V3/4 processes. The analyst will collaborate with the Enterprise Risk Management team to design and maintain a risk and controls matrix mapped to applicable regulatory and selected framework controls, in alignment with the agreed risk appetite.
We serve the Infrastructure; Nuclear, Security & Environmental; Energy; Mining & Metals; and Manufacturing and Technology markets. As an Information Security and Compliance professional, you will assist the team in many areas, including but not limited to evaluating third-party risk, defining and embedding security best practices, performing proactive cyber hygiene scans, and ensuring that information security policies and procedures meet or exceed the highest standards. You will perform third-party risk assessments and develop guidance that addresses gaps, automates risk scoring, and ensures recommended mitigations are implemented prior to deployment.