Cybersecurity Assessment and Authorization Analyst

# Cybersecurity Assessment and Authorization Analyst

**Company:** Chickasaw Nation Industries, Inc.

## About This Role

CNI is seeking a Cybersecurity Assessment and Authorization Analyst to provide support to the Department of Health and Human Services, Indian Health Service (IHS). This position is responsible for executing and assisting in the completion of security certifications and for providing support in the development and implementation of a program to manage all aspects of compliance with government regulations.

## Key Responsibilities

You'll conduct annual security controls effectiveness testing and document findings while advising and monitoring remediation efforts on all systems in accordance with established policy and procedures. A significant portion of your work involves research, evaluation, recommendation, and documentation development—creating security assessment reports, methodologies, briefings, and presentations.

You'll perform information security audits and risk assessments on customer systems and networks, documenting everything in accordance with NIST Risk Management Guide for Information Technology Systems. Each year, you'll review and update security and contingency plans for each system in conjunction with security audits, making recommendations to address any deficiencies.

Assisting system owners in developing security authorization packages that fully comply with National Institute of Standards and Technology (NIST) guidelines and organizational defined standards is a key responsibility. You'll evaluate the implementation of security controls as required by NIST and prepare security authorization packages using approved customer templates.

Throughout your work, you'll help meet mandates, directives, reporting, and other security-related processes with respect to Federal regulations such as FISMA, Health Insurance Portability and Accountability Act (HIPAA), Office of Management and Budget (OMB) mandates, Homeland Security Presidential Directives (HSPD), Federal Information Processing Standards (FIPS), and NIST guidance implementation, oversight, and compliance. You'll review and update risk assessments whenever significant changes occur to systems or networks, ensuring customer information and information systems are adequately protected from unauthorized access, use, disclosure, disruption, modification, or destruction.

Briefing and providing documented results to staff is essential—your briefs will include areas of conformance to directives, corrective recommendations for deficiencies, and POA&M explanations to correct deficiencies. You'll also analyze major IT systems from a security perspective during initial phases of system development and throughout the systems development lifecycle, reviewing standard security configurations to assure compliance with federal directives and industry best practices.

## Required Qualifications

- Bachelor's degree in Computer Science or related field - Minimum 8 years of relevant information security experience - At least 4 years of certification and accreditation (C&A) compliance or Security Assurance (SA) experience based on NIST frameworks - In-depth knowledge of NIST SP 800 series and Fed. RAMP guidance and standards - Working knowledge and understanding of OMB, FISMA, FIPS, HIPAA, and other federal regulations and requirements - Expert computer skills with advanced proficiency in both Windows and Linux based environments - Excellent verbal and written communication skills - Highly organized with ability to manage multiple projects and priorities - Strong critical thinking skills and ability to identify, analyze, and resolve complex issues - Ability to work independently and in a team environment

## Preferred Qualifications

Professional certifications including CAP, CISSP, CISM, CISA, SANS GIAC, Security+, Network+, Linux+, MCSE, CCNA, or SSCP

## Compensation and Benefits

**Estimated Pay Range:** $70,000 to $80,000 (contingent on location, skillset, and experience)

**Benefits (eligible first day of hire for full-time employees):** - Medical, dental, and vision coverage - Company life insurance - Short-term and long-term disability insurance - 401(k) with immediate vesting - Professional development assistance - Legal aid assistance program - Family planning and fertility assistance - Paid personal time off - Federal holiday observance - Employee Assistance Program (EAP) - Training and development opportunities

## Additional Information

This position is remote-eligible. CNI is a federally chartered corporation wholly owned by the Chickasaw Nation and operates as a federal contractor that is a drug-free workplace adhering to the Federal Controlled Substance Act.