Tetrad Digital Integrity LLC

Information Security FISMA Analyst - Reporting

US-MD-Bethesda
1 month ago
ID: 2017-1100
# of Openings: 1
Category: Information Technology

Overview

TDI is seeking a seasoned security professional with experience in implementing and communicating Federal Information Security Modernization Act (FISMA) compliance for the Federal government. The Senior Analyst is responsible for helping to manage the agency’s Assessment and Authorization (A&A) Program by focusing on the reporting end of Risk Management and Security Authorization activities in accordance with the applicable National Institute of Standards and Technology (NIST) 800 series guidelines, the Risk Management Framework and applicable Federal Information Processing Standards (FIPS). The Senior Analyst will report to the A&A Team Lead and perform and manage tasks related to the entire Assessment and Authorization (A&A) lifecycle. The candidate will work closely with the Agency’s A&A Security Teams to understand reporting requirements and to help guide and prioritize remediation activities that improve the risk posture. He/she will implement and/or improve automated (and manual) procedures to produce the required reports in a consistent and accurate manner. The candidate will also work closely with the Agency ISSOs and Security teams by reviewing security packages, working on FISMA-related security projects and assisting with developing automated tool reporting capabilities in the current and future planned FISMA tools.

Responsibilities

  • Develop required A&A reports on a regular frequency and on an ad hoc basis as needed, including mandatory monthly reports to the Department, Agency Senior Management and the Agency CIOs and ISSOs
  • Communicate current status of Agency’s A&A Risk Posture to Senior Management and to the Agency’s A&A Security Team via reports and presentations
  • Assist Management in creating meaningful and accurate presentations that reflect accurate and up-to-date FISMA metrics
  • Gain a thorough understanding of the current (and future planned) FISMA tools and the data they contain to ensure that the data being reported is accurately represented and captured
  • Work closely with the Team Lead to enhance current reports, including enabling automation wherever possible to save time and improve accuracy
  • Identify gaps in current reporting and present solutions to Team Lead and Agency Management
  • Provide guidance and training to the A&A Security Team members and the Agency’s ISSOs on how to properly utilize FISMA and new Governance, Risk and Compliance (GRC) tools so they contain accurate and up-to-date information
  • Assist in coordinating remediation of Plan of Action and Milestones (POA&M) findings with the team members and Agency ISSOs, helping to prioritize remediation activities to meet the Agency’s risk tolerance
  • Respond to numerous and broad customer inquiries regarding A&A utilizing a ticketing system; ensure timely and complete responses occur
  • Develop and process waivers and exceptions for information system weaknesses and vulnerabilities
  • Help the Team Lead implement new A&A tasks and projects to meet customer needs
  • Interface with Agency Privacy Office to ensure Privacy requirements are documented and being consistently and accurately reported across the organization
  • Experience with automated FISMA and Governance, Risk and Compliance (GRC) Tools such as Trusted Agent FISMA or Archer, and producing reporting from these tools
  • Develop, update and provide training as needed on the information systems security documentation templates (e.g. System Boundary development, System Security Plan (SSP), Contingency Plan, Contingency Plan Test, Business Impact Analysis, FIPS-199, eAuthentication, Privacy Threshold Analysis, etc.) based on changing NIST and federal guidance
  • Work with the clients to develop capabilities briefings and presentations in support of the program
  • Coordinate with ISSOs across the organization to ensure timely compliance with Federal and organizational policies and procedures

Qualifications

  • Ability to obtain a public trust
  • BS or BA degree
  • 5+ years of experience in information security, with a focus on Risk Management and expertise in providing reporting of FISMA data and metrics
  • Federal Information Security experience is strongly preferred, with an understanding of Agency or Department-level challenges and requirements (particularly in a large, federated environment)
  • Strong in-person, writing and verbal communication skills – excellent with PowerPoint
  • Detailed knowledge of NIST security standards and compliance measurements
  • Working experience in the application of FISMA guidelines including the NIST special publications 800-18, 800-30, 800-37, 800-39, 800-53, 800-53A, and 800-60
  • High aptitude for learning (self-study and as a part of a team)
  • Strong customer-service attitude, ability to multi-task and work independently
  • Understanding of SharePoint
