Information Security Analyst
Canada Remote Worker
The Emmes Company, LLC (“Emmes”) is a global, full-service Clinical Research Organization dedicated to excellence in supporting the advancement of public health and biopharmaceutical innovation. We believe in the power of truth, so much so that we named our company Emmes, which means truth. Through decades of experience we have learned that collaborative relationships thrive and human health benefits when truth is our compass.
Our “Character Achieves Results” culture is driven by five key values that guide our actions in the way we conduct research and distinguish us as an organization: Integrity, Agility, Passion for Excellence, Collaborative Partnerships and Intellectual Curiosity. We are a trusted partner to clients who share our passion for improving public health in a world of ever-changing scientific research.
If you share our motivations and passion in research, come join us! You will be joining a collaborative culture that empowers every Emmes employee — from entry level through top executive — to contribute to our clients’ success by sharing ideas openly and honestly.Primary Purpose
Supports and reinforces the company's compliance with governmental regulations, policies, and processes as well as governance of risk.Includes monitoring of security data from external sources (Industry portals, DoD, US-CERT, partners, etc.) and vendor advisories and conducting threat intelligence gathering. Responsible for compliance and Security Authorization activities for Emmes clients in accordance with National Institute of Standards and Technology (NIST) guidance and ISO 27001.Responsibilities
- Responsible for compliance with the FISMA regulation and associated standards. Good understanding of the NIST Special Publications, FIPS and OMB and Federal Information Processing Standards (FIPS).
- Reviews system security controls (managerial, operational, and technical) to determine adequacy against federal requirements and mission context utilizing security assessment plans for systems, including the objectives, scope, schedule, required documentation, possible risks, and other logistical items for security assessments.
- Tracks the corrective actions in POA&Ms and coordinates the remediation with various groups. Tracks and reports FISMA metrics and Key Performance Indicators (KPIs).
- Develops and updates information systems security documentation. Ensures that Authority to Operate (ATO) are obtained in a timely manner.
- Works closely with Security Operations to provide assistance with tool configuration and operation
- Works closely with the Audit and Quality Assurance (QA) functions to provide validation of security control tests for third-party vendors, e.g., software, hardware, and cloud service providers.
- Routinely conducts risk assessments/reports to quantify impacts of vulnerabilities or decisions to the federal government. Participates in the production of cohesive compliance reports.
- Prepares documentation from information obtained from customers using accepted guidelines such as RMF.
- Assists with development and implementation of system security plans and contingency plans.
- Completes documentation in support of project / sponsor activities (e.g., checklists, questionnaires, etc.) and support external audits of Emmes.
- Performs all essential functions adhering to the highest level of ethical and professional conduct.
- Other duties as assigned
Why work at Emmes?
- Bachelor’s degree in Computer Science, Cyber Security, Engineering or related technical discipline
- Demonstrated ability to resolve issues related to assigned work project of moderate complexity
- Equivalent to 4 years cyber security experience with Federal standards and OMB Memoranda, and performing Authorization and Accreditation
- Experience with FISMA assessment processes
- Demonstrated knowledge of
- NIST 800-37, Risk Management Framework (RMF) and NIST 800-53 security controls.
- IT security foundational principles and methods, such as firewalls, DMZ, and encryption
- Networking principles, such as connections, protocols (TCP/IP), IP addressing, routing, and switching
- Experience writing scripts in PERL, Python or PowerShell
- Ability to effectively communicate cyber security issues (in verbal and written form) and related topics with senior cyber staff and IT team members
- Excellent technical writing and verbal communication skills
- Maintains up to date on computer and network vulnerabilities and exploits
- CompTIA Security+ certification preferred
We offer a competitive benefits package focused on the health and needs of our growing workforce, including
At Emmes, your actions and hard work will have a direct impact on public health initiatives, both globally and in our local communities with opportunities for volunteerism through our Emmes Cares
community engagement program.
- Unlimited Approved Leave
- Extended Healthcare Insurance
- RRSP Contribution
- Maternity / Parental Leave Top Up
- Tuition Reimbursement / Professional Development
- Wellness and Healthcare spending account