Senior Information Security Analyst

Data Systems Analysts, Inc.

Fairfax · On-site · Full-time · Senior · 3w ago

About the role

Primary Responsibilities

  • Advising senior-level stakeholders on InfoSec initiatives including compliance, awareness and training, and security operations.
  • Leading Independent Validation and Verification (IV&V) efforts on security authorization/ATO packages to ensure compliance with agency requirements.
  • Leveraging the existing Governance, Risk, and Compliance (GRC) tool, Telos Xacta (or an alternate like CSAM or RSA Archer), to track and reconcile findings from assessments, audits, and vulnerability scans.
  • Coordinating government data calls (FISMA, FMFIA, BDR, etc.) and monthly reports.
  • Assessing the effectiveness of the InfoSec and privacy training program and leading the collection, analysis, and presentation of enterprise-level InfoSec performance metrics.
  • Managing InfoSec Program POA&Ms, including advising on remediation efforts.
  • Working closely with senior agency security officials, system owners, information system security officers (ISSOs) and other stakeholders to advise and implement security solutions.
  • Identifying opportunities for efficiencies in work processes and innovative approaches.
  • Participating in team problem-solving efforts and offering ideas to solve client issues.
  • Conducting relevant research, data analysis, and developing reports.
  • Preparing and assisting in the development of policy and procedures.
  • Implementing processes and procedures to monitor risk across programs / projects.
  • Preparing briefings to the executive team to debrief the results of studies, analyses, and plans.
  • Assisting the client leadership in reviewing monthly project progress, documenting issues, and monitoring resolution.

Required Qualifications

  • Bachelor's degree in information technology or related field and 8 years of relevant IA experience. May substitute security certification (e.g. CISSP) for 2 years of experience.
  • 3+ years in a leadership role
  • Strong data analysis skills.
  • Excellent written and verbal communication skills.
  • Possess in-depth knowledge of applying, selecting and testing the NIST 800-53 Rev 4 security controls.
  • Possess in-depth knowledge of NIST 800-37 Risk Management Framework.
  • Experience with a Governance, Risk and Compliance tool (e.g., Xacta, RSA Archer, CSAM or eMASS).
  • Excellent attention to detail.
  • Ability to handle and prioritize multiple tasks and deadlines.

Desired Qualifications

  • Advanced level cybersecurity certification (e.g., CompTIA CISM, ISC2 CISSP)
  • In-depth knowledge of applying, selecting and testing the NIST 800-53 Rev 5 security controls

Skills

CISSP, CSAM, GRC, NIST 800-37, NIST 800-53, RSA Archer, Telos Xacta, Xacta
