ServiceNow Analyst

About

ECS is seeking a ServiceNow Analyst to work remotely.

Responsibilities

• Support the Management of the Agency's Enterprise Governance, Risk & Compliance (GRC) module to ensure accurate operational and ATO status of systems as well as system POCs, and related FISMA inventory attributes per the FISMA Inventory SOP.
• Track and maintain logs for the completion of program related requirements; Develop use cases and test scripts, conduct UAT, and report on findings.
• Review and update existing GRC specific information security policy, standards, and procedures based on federal and departmental regulations.
• Support the development of monthly and weekly status reports summarizing the status of completed, ongoing, upcoming tasks, and work performed.
• Analyze security tool reports and determine residual risk or false positives from technical reports and artifacts before assigning findings.
• Create and maintain task status documentation for various activities, including outlines, plans, process improvement plan, task timelines, risk registers, lessons learned, requirements documents, meeting agendas, meeting minutes, and others.

Salary Range

$110,000 - $125,000

Required Skills

• 7+ years of experience with Business Analysis Processes including Requirements Management and Documentation; Data Analysis and Management; and Data flow mapping.
• Experience with GRC tools (Required) like ServiceNow (Preferred)
• Experience supporting security assessments and reviewing related documents.
• Experience performing Certification and Accreditation (C&A) activities, including risk assessments, Security Plans, Security Controls Assessments (SCA), Certification and Accreditation documents.
• Experience with Dashboarding (preferred)
• Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
• Knowledge of policies, procedures, and standards of the Office of Management and Budget (OMB), the National Institute of Standards and Technology (NIST), and the OCC.
• Strong written and verbal communication skills across all levels of management.

Desired Skills

• Document and report requirements and deficiencies to both technical and non-technical audiences.
• Develop and implement information assurance/security standards and procedures.
• Experience writing technical papers documenting results of research, impact and/or risk analysis, recommendations, etc., on evolving threats, new technologies, approaches to address new federal mandates, etc.
• Experience developing and reviewing quality security assessment deliverables while ensuring the content of each deliverable is specific to the subject systems, complete, and accurate.
• Ability to analyze information system configurations and technical specifications against NIST SP 800-53 and other overlays.
• Have thorough understanding of NIST Risk Management Framework (RMF) and document OCC's RMF processes.
• Conduct reviews and updates of deliverables (compliance and assessment) to ensure quality, consistency, and accuracy with respect to technical editing.
• Track status of GRC tickets and requests
• Support end user/user acceptance testing of GRC changes
• Meet with the ESM team on OCC's RMF processes to assist with communicating requirements.
• Monitor, track, and update GRC ticket statrequests
• Create OCC specific SOPS and Job Aids

About ECS

ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3800+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.