Security Compliance Analyst

Location: Rockville, Maryland - Remote
Category: Cybersecurity
Employment Type: Contract
Job ID: 16552
Date Added: 05/09/2024

Apply Now

Fill out the form below to submit your information for this opportunity. Please upload your resume as a doc, pdf, rtf or txt file. Your information will be processed as soon as possible.

* Required field.

Responsibilities (overall and day-to-day):
As a Security Compliance Analyst, you will be joining a team performing security assessments and providing consulting support to assist clients in meeting FISMA and FedRAMP requirements. The ideal candidate will have a firm understanding of how to apply the principles of Information Security in a variety of circumstances and expertise translating the NIST 800-53 guidelines into common technical implementations.
  • Develop Security Authorization Packages that are compliant with FISMA/FedRAMP requirements. Package components include: System Security Plans, Contingency Plans, Configuration Management Plans, Incident Response Plans, Privacy Impact Assessments, and Plan of Action and Milestones (POA&M)
  • Assist in the review and analysis of Security Authorization Packages for completeness and compliance with FISMA/FedRAMP requirements
  • Demonstrate ability to lead compliance and assessments projects through the project lifecycle from initiation to project closure
  • Lead working sessions with client and audit team to ensure expectations and direction are aligned and timelines are being met
  • Collaborate across multiple internal teams to ensure successful delivery of artifacts and closure of audit field work
  • Provide review and analysis of vulnerability scan results from tools such as Nessus, Qualys, AppDetective, WebInspect, IBM AppScan, Burp Suite, etc.
  • Build a customer-focused relationship with client(s)
  • Experience reviewing and updating policies, standards, and procedures to ensure they are up to date and reflect current practices
  • Demonstrate familiarity with FISMA and NIST 800 series guidelines (800-30, 800-37, 800-53 and 53A, 800-60, etc.)
  • SOC2
  • RegSCI
  • Splunk
Education/Experience Requirements:
  • CISSP/CEH/AWS certs/CASP/Security + certification or equivalent highly desired
  • Bachelor’s Degree (preferably in Information Technology or Cyber Security) or equivalent work experience
  • FedRAMP experience HIGHLY preferred
  • Must be a US citizen