This role supports the development and continuous improvement of the ISCM program which includes: cybersecurity management support for operational performance and compliance for all networks, systems and applications; providing centralized management of Security Assessments (SA), ongoing assessments, new authorizations; proposing information security technical and administrative solutions; performing analysis to ensure security controls are consistently implemented; integrating new technology with information security standards; developing and executing plans for monitoring and assessing networks, systems and applications; supporting sustainment of the Risk Management Framework (RMF); and facilitating the adoption of CISA’s Continuous Diagnostics and Mitigation (CDM) program.

The successful candidate will have prior experience working with a wide variety of technologies, be well-versed in the current state of Information Security, and be able to interpret the requirements of relevant governing bodies (NIST, OMB, GAO, etc.). The candidate will be required to interface with federal employees and contractors to lead/perform the required activities and work both independently and collaboratively.

Role Responsibilities:

• Provide high-level functional systems analysis, design, integration, documentation and implementation advice on moderately complex problems relating to cybersecurity that require an appropriate level of knowledge of the subject matter for effective implementation.

• Provide technical knowledge and analysis of highly specialized applications and operational environments.

• Apply principles, methods and knowledge of cyber security to specific task order requirements, advanced principles and methods to difficult and/or narrowly defined technical problems in cybersecurity.

• Assist other senior consultants with analysis and evaluation and with the preparation of recommendations for system improvements, optimization, development, and/or maintenance efforts in related domains.

• Coordinate with appropriate stakeholders and system owners to ensure all NIST 800-53 controls are properly implemented and assessed during the steps of the ATO lifecycle

• Perform authenticated automated assessment scans

• Verify access points using services returned in automated assessment results

• Manually review documentation against automated scan results and identify discrepancies

• Demonstrate structured adaptability within the scope of each assessment

• Contribute to a collaborative, evolving work environment

• Thorough understanding of the security concepts and intricacies associated with Cloud Computing, Infrastructure, Data Protection, Digital Mobility, Application Security, and Regulatory Compliance.

• Define and manage reporting and measurement systems for IT Security

Required Qualifications

• A minimum of eight (8) years of experience in cybersecurity risk management, compliance, & A&A of Federal systems

• Four (4) years of working with NIST Guidelines and FISMA requirements (including SP 800-53 rev 5)

• A minimum of two (2) years of vulnerability assessment tool experience

• Knowledge of FedRAMP and FISMA regulatory compliance requirements.

• Direct experience working in governance, risk, and compliance

• Thorough understanding of the security concepts and intricacies associated with Cloud Computing, Infrastructure, Data Protection, Digital Mobility, Application Security, and Regulatory Compliance.

• Defining and managing reporting and measurement systems for IT Security

• Clear and effective communication - orally and in writing.

• A minimum of a bachelor's degree in a related field

Desired Experience:

• Related Cybersecurity certifications are preferred but not required

• ISCM / CDM experience, preferably with an emphasis on automation, is preferred but not required

• Experience developing requirements definition from available documentation and engaging stakeholders as well as developers is preferred but not required

Clearance and Location Requirements:

• Ability to obtain a Public Trust clearance is required.

• This role is currently fully remote.

Washington, DC

Fully Remote
