Position Description

Our client seeks a motivated security professional to support our client’s projects at the National Cancer Institute. The Cloud Security Analyst is responsible for creating and documenting mitigation recommendations. The position is ideal for a talented Cloud Security Analyst who is interested in working in an exciting, growth-oriented environment among people passionate about advanced technologies in the fight against cancer.
Prepare, validate, and maintain security documentation such as system security plan, risk assessment, contingency plan, Privacy Impact Assessment (PIA), eAuthentication assessment, and FIPS 199 categorization
Practical understanding and application of the NIST Risk Management Framework and FedRAMP requirements
Work with system owners and technical leads to develop and maintain security documentation required for Authority to Operate (ATO) approval.
Manage POA&Ms through remediation as well as develop corrective action plans for each POA&M
Ensure compliance with security policies, standards, and procedures
Monitor information systems and environments of operations, including developing and updating security plans, managing and controlling changes to information systems, and assessing security impact
Coordinate security-related activities with the Information System Security Officers (ISSO), Information System Owners, and common control providers
Coordinate vulnerability scanning activities and the analysis of results
Excited about working in a cutting-edge scientific environment
A minimum of six (6) years of demonstrated responsible job-related experience. Experience must include functioning as an analyst or equivalent for compliance auditing, information security, information systems, or related.
Able to develop technical documentation and non-technical presentations
Demonstrate working knowledge of standards and guidelines for Information Security published by the National Institute of Standards and Technology (NIST)
Must have a current International Information Systems Security Certification Consortium (ISC2), Information Systems Audit and Control Association (ISACA), or Global Information Assurance Certification (GIAC) certification or obtain professional certification within six (6) months of hire
Working knowledge and expertise required for administering the information security aspects of information systems in compliance with regulations and directives of FISMA, the Office of Management and Budget (OMB), and the Health Insurance Portability and Accountability Act (HIPAA)
Regulatory compliance experience related to cloud security
Experience with regulatory compliance related to cloud security
Competitive base salary plus bonus
Paid time off
Ten paid holidays
Health Savings Account
Retirement benefits with employer contributions
Dependent Care Flexible Spending Account
Life Insurance, Short- and Long-Term Disability