Tetrad Digital Integrity LLC

Information Security FISMA Analyst, Senior

US-MD-Bethesda
1 month ago
ID: 2017-1099
# of Openings: 1
Category: Information Technology

Overview

TDI is seeking a seasoned security professional with experience in implementing and communicating Federal Information Security Modernization Act (FISMA) compliance for the Federal government.  The Analyst is responsible for helping to manage the agency’s Assessment and Authorization (A&A) Program by focusing on the Risk Management and Security Authorization activities in accordance with the applicable National Institute of Standards and Technology (NIST) 800 series guidelines, the Risk Management Framework and applicable Federal Information Processing Standards (FIPS).  The Senior Analyst will report to the A&A Team Lead and perform and manage tasks related to the entire Assessment and Authorization (A&A) lifecycle.  The candidate will also serve as a subject matter expert, assisting the Team Lead in developing and implementing strategic and tactical approaches to maturing and improving the Agency’s A&A Program, including the use of existing and new automated Governance, Risk and Compliance tools.

Responsibilities

  • Train and assist System Owners, ISSOs and other Agency stakeholders in understanding documentation requirements. Review completed templates to ensure completeness, accuracy and consistency across the Program
  • Provide coaching and guidance to less experienced team members on how to consistently manage and report on Risks
  • Assist in coordinating remediation of Plan of Action and Milestones (POA&M) findings with team members and various organizations within the Agency
  • Work closely with the Team Lead to ensure required reporting is accurate and timely
  • Develop and process waivers and exceptions for information system weaknesses and vulnerabilities
  • Work with current and new FISMA and Governance, Risk and Compliance (GRC) tools to automate the data capture, repository and reporting processes
  • Help the Team Lead implement new A&A tasks and projects to meet customer needs
  • Respond to numerous and broad customer inquiries regarding A&A using a ticketing system, ensuring timely and complete responses
  • Serve as interface with Agency Privacy Office to ensure Privacy requirements are documented and being consistently implemented across the Agency
  • Develop, update and provide training as needed on the information systems security documentation templates (e.g. System Boundary development, System Security Plan (SSP), Contingency Plan, Contingency Plan Test, Business Impact Analysis, FIPS-199, ISA/MOU, Waivers, eAuthentication, Privacy Threshold Analysis, etc.) based on changing NIST and federal guidance
  • Work with the clients to develop capabilities briefings and presentations in support of the program
  • Coordinate with ISSOs across the organization to ensure timely compliance with Federal and organizational policies and procedures

 

Qualifications

  • Ability to obtain a public trust
  • BS or BA degree
  • 5+ years of experience in information security, with a focus on Risk Management
  • Strong in-person, writing and verbal communication skills
  • Detailed knowledge of NIST security standards and compliance measurements
  • Experience with automated FISMA and Governance, Risk and Compliance (GRC) Tools such as Trusted Agent FISMA or Archer
  • Working experience in the application of FISMA guidelines including the NIST special publications 800-18, 800-30, 800-37, 800-39, 800-53, 800-53A, and 800-60
  • Understanding of the NIST guidance for Ongoing Authorization (OA); implementation of OA at an Agency level is desired but not mandatory
  • High aptitude for learning (self-study and as a part of a team)
  • Strong customer-service attitude, ability to multi-task and work independently

 
