DescriptionInformation Assurance Analyst
Assist in oversight and the security posture of the Bureau’s OpenNet/ClassNet/Cloud environments, develop the overall security strategy and assist in development of the information system security policy for the Bureau. In this role, take on the responsibility for the inventory, categorization, selecting security controls, and monitoring security controls for the information systems in preparation of the Assessment and Authorization (A&A) process for new and existing systems. Your expertise in conducting security assessments, vulnerability testing, and incident response will be crucial in maintaining a secure IT infrastructure.
Compensation & Benefits:
- Estimated Starting Salary Range for Information Assurance Analyst: Pay commensurate with experience.
- Full time benefits include Medical, Dental, Vision, 401K and other possible benefits as provided. Benefits are subject to change with or without notice.
Information Assurance Analyst Responsibilities Include:
- Assist in planning and preparation for security Assessment and Authorization (A&A) as part of the Department’s Information Assurance policy and Federal Information Security Management Act (FISMA) implementation efforts.
- Provide support for and where necessary to create security documentation for the required phases of the DOS A&A process in support of obtaining Authority to Operate (ATO) approvals of systems.
- Perform Security Impact Analysis (SIA) review of change requests and provide reporting requirements to system owners.
- Update expired security controls in ArchAngel to support security findings and reporting
- Analyze and report on security findings identified during assessment.
- Create Plan of Action & Milestones (POAMs) for identified security control findings
- Evaluate security control implementations for all Systems boundaries on a yearly basis
- Categorize the information system and the information processed, stored, and/or transmitted by that system based on the impact analysis.
- Categorize the information system and document the results of the security categorization in the system security plan Systems Security Plan (SSP).
- Identify the security controls that are provided by the organization as common controls for organizational information systems and document the controls in the control selection worksheet and database.
- Develop a strategy for the continuous monitoring of security control effectiveness and any proposed or actual changes to the information system and its environment of operation and recommend security controls based on the security categorization of the information system.
- Describe the information system (including the system boundary, system functions, and system data criticality/sensitivity) and document the description in the System Security Plan (SSP).
- Register the information system in the Department's IT Asset Baseline.
- Conduct a review of system security plan the SSP with the ISSO to ensure completeness, accuracy, and readiness for approval by the OBO Information System Owner.
- Perform Annual Control Assessments, Contingency Plan tests, and SCF updates on an annual basis for all FISMA-reportable information systems.
- Assist the ISSO in the creation of a bureau-wide Information Systems Security Policy that will be derived and aligned with existing department of state Foreign Affairs Manuals (FAM’s) and Foreign Affairs Handbooks (FAH’s) as well as be aligned with NIST Special Publications 800-53 rev4 Security and Privacy Controls for Federal Information Systems and Organizations.
- Supports the efforts with Continuous Monitoring concepts and Risk Management Framework (RMF) methodologies to support FISMA, NIST RMF, and NIST SP 800-series publications.
- Works with Security Team to development Plans of Action & Milestones (POA&Ms) resulting from assessment discrepancies or failures. Monitors POA&Ms and works with IT System POCs to resolve. Re-assesses controls upon POA&M resolution. Provides status reports as necessary.
- Performs other job-related duties as assigned.
Information Assurance Analyst Experience, Education, Skills, Abilities requested:
- Bachelor's degree in cybersecurity, computer science, informational technology, or related fields and 5 years of Cybersecurity experience.
- Five (5) years of experience in managing the inventory, categorization, selecting and monitoring security controls for the information systems in preparation of the Assessment and Authorization process for new and existing systems.
- Experience in implementing NIST guidance related to the Risk Management Framework and supporting Plan of Action and Milestone (POAMs) review.
- Must have experience in conducting interviews with application and system developers to document system operations surrounding security controls.
- Working knowledge of NIST Cybersecurity Framework and CIS Critical Security Controls.
- Must have an Information Assurance-type certification (CISSP, CISM, or CompTIA Security+).
- Must be a US citizen.
- Must have proficiency and understanding of FEDRAMP and the FEDRAMP process.
- Ability to conduct information system audits.
- Ability to produce documentation.
- Must possess and maintain a SECRET clearance.
- Must pass pre-employment qualifications of Cherokee Federal
Company Information:
Cherokee Nation System Solutions (CNSS) is a part of Cherokee Federal – the division of tribally owned federal contracting companies owned by Cherokee Nation Businesses. As a trusted partner for more than 60 federal clients, Cherokee Federal LLCs are focused on building a brighter future, solving complex challenges, and serving the government’s mission with compassion and heart. To learn more about CNSS, visit cherokee-federal.com.
#CherokeeFederal #LI
- Information Assurance Analyst
- Network Security
- Risk Management Framework
- Federal Information Security Management
- Network Security
- Vulnerability Management
- Security Architecture
Legal Disclaimer: Cherokee Federal is an equal opportunity employer. Please visit cherokee-federal.com/careers for information regarding our Affirmative Action and Equal Opportunity Employer Statement, Accommodation request, and Presidential EO 14042 Notice.
Please Note: This position is pending a contract award. If you are interested in a future with Cherokee Federal, APPLY TODAY! Although this is not an approved position, we are accepting applications for this future and anticipated need.