We are seeking a Security Policy/Compliance Analyst who will develop and implement Security Policy and/or validate Security Compliance against policies to help improve the client's ability to reduce the impact of security threats. The Security Policy/Compliance Analyst will assist in prioritizing, defining strategy for, and managing identified security Plans of Action and mitigation (POAMs), and may analyze and prioritize the outcomes to develop mitigation strategies using current security platforms or recommendations for new security architectures. The Information Systems Security Policy/Compliance Analyst keeps current on advances in the field of Federal IT and provides analytical guidance to the project team. The Information Systems Security Policy/Compliance Analyst may act as a customer contact for technology and lead technical review sessions with the customer.
The qualified applicant will become part of Northrop Grumman's Information Technology support services contract for the SSA.
Description of Work:
Perform as a Security Policy/Compliance Analyst
Work onsite with the customer’s technical teams and leadership to build relationships and find ways to leverage and maximize technical investment recommendations
Assist with RFP technical proposal responses, as needed
Assist Cloud Architects in establishing a strategy and approach to transform customer infrastructure and development environment to a Cloud based solution
Develop Security Policies and/or ensure Security Compliance for Cloud implementations
Drive security requirements for the customer, integrating multiple capabilities and scenarios supporting the cloud implementations
Provide Security Policy and/or Security Compliance expertise to managers and technical staff, and the customer
Function as a Security Policy and/or Security Compliance expert on project assignments, applying comprehensive knowledge across key tasks and high-impact assignments
Plan and lead Security Policy and/or Security Compliance assignments, with the potential to supervise others in doing so
Demonstrate strong oral and written communication skills, with the ability to communicate technical topics to management and non-technical audiences, and interface with senior customers on a daily basis
Ensure HIPAA violations do not occur within the program by taking a proactive role in the constant vigilance and rigor needed to emphasize HIPAA compliance throughout all levels of the program (systems, personnel, and data). Be fully aware of all PHI/PII within the program and how it is protected.
Minimum knowledge, skills, and abilities:
Bachelor's degree in Business, Computer Science, Information Technology, Information Systems, Systems Engineering, or a related discipline and 9 years of experience; Master's degree in Business, Information Technology, Information Systems, or a related discipline and 7 years of experience; or 13 years of experience will satisfy the education and experience requirement.
5+ years of experience in Security Policy or Security Compliance as a Cyber Security, IT Security, or Information Assurance analyst
3+ years of experience with developing security policies, processes, and procedures in the federal government
3+ years of experience with assessing new security laws, policies, or standards to determine program-level impact
3+ years of experience with the NIST Risk Management Framework and SP 800 issuances, continuous monitoring, and information system security policies, standards, and procedures
Must have a solid understanding of cloud deployment, security policy requirements and assessments, and service models as defined by the National Institute of Standards and Technology (NIST).
Ability to perform an IT audit and develop a comprehensive risk assessment process across multiple CSPs and service offerings such as Microsoft Office 365 and SharePoint.
Ability to obtain a position of public trust.
Must be a US Citizen or US Permanent Resident
Candidates with the following skills will be given preferential consideration:
Security+ Certification or other professional security or auditing certifications are a plus: CISSP, CISA, GIAC, SSCP, CIPP, CIA, CSCS
Technical awareness of FedRAMP, FISMA, NIST, RMF, and the Federal Government Certification and Accreditation (C&A) process
Experience with responding to external audits and developing remediation plans