Due to background check requirements, candidates must be US citizens and be able to clear a CJIS background check. No C2C's or GC Holders.
This position requires 25% of the time traveling to client sites.
Key Responsibilities:
- Evaluate the security controls within the enterprise architecture to identify vulnerabilities as part of System Security Plan creation and Authority to Operate processes.
- Analyze information and prepare reports defining the client’s maturity level for each security objective.
- Provide remediation suggestions to address vulnerabilities and improve the overall security of the enterprise architecture.
Day to Day Responsibilities:
- Meet with clients to perform security assessments.
- Develop and coordinate all associated authorization documentation, including the Systems Categorization, Systems Security Plan, and Security Assessment Report.
- Review existing SA&A documentation, System Security Plan (SSP), Security Assessment Report (SAR), and other supporting artifacts.
- Ensure the information system receives and maintains a valid authority to operate (ATO) at all times.
- Perform analysis through interviews and examination of policy and process documentation.
- Define the client’s maturity levels for specific security objectives.
- Provide recommendations to improve current maturity levels, including cost estimates.
- Follow basic audit and assessment guidelines as outlined by ISACA.
- Provide reporting through Word, Excel, and PowerPoint.
- Deliver products to Technical and Executive levels through remote and onsite presentations.
- Utilize secure methods of delivery.
- Meet with clients to understand and define business objectives, requirements, and constraints.
- Follow basic quality techniques in both processes and services to ensure the organization’s quality standards are met.
- Train and lead users through implementation of security solutions.
Preferred Experience and Attributes:
- Minimum of 2 years’ experience in performing security assessments.
- Experience with GRC related tools like RSA Archer and Tenable.
- Professional certification: CISA, CISSP, CBAP, CAP, and/or PMP (highly preferred).
- Excellent communication skills, written and verbal.
- Ability to present to both Technical and Executive levels.
- Knowledge of Word, Excel, PowerPoint, SharePoint.
- Technical background that will assist in complying with the NIST SP 800-53/800-171 and PCI security controls and in gathering evidence to support compliance.
- Experience in creating process documentation.
- In-depth understanding and knowledge of NIST 800-53 controls.
- Customer service orientation.