Technical and Management Resources, Inc.

Program Security Analyst

Job Locations US-Washington, DC
Posted Date 3 months ago(1/10/2020 3:46 PM)
Job ID 2020-2700
Security Clearance Public Trust

Overview

TMR is seeking a Program Security Analyst as part of the Chief Information Security Officer (CISO) Advisory Services Team in Washington, DC. The Program Security Analyst is responsible for supporting the strategic and day-to-day aspects of the Information Security Program in the areas of Privacy Program Support, Information Security and Privacy Awareness Training Program support, and Audit Support Services. The analyst is responsible for establishing and maintaining information-security awareness through a security awareness program. In conjunction with the Privacy Officer, the analyst assists in ensuring the customer’s compliance with all applicable statutory, regulatory, and policy requirements. In conjunction with the CIO, the analyst is responsible for managing the strategic and day-to-day aspects of providing internal inspection and audit support to the customer.

Responsibilities

  • Implement and manage the customer’s security awareness program.
  • Develop a robust security awareness program to assist with the customer’s education, monitoring, and ongoing maintenance of security awareness needs. The program should be focused on:
    • Establish Minimum Security Awareness (new hire training, e-mails and circulars, memos, notices, bulletins, posters, etc.).
    • Identification and development of role-based security training.
    • Metrics to Assess Awareness Training.
  • Assist in selecting an appropriate vendor for providing the content for the training.
  • Identify gaps in customer’s Privacy related policies and procedures and assisting with the development of the identified artifacts.
  • Ensure the customer’s compliance with Privacy Policies, FISMA, NIST Risk Management Framework, and Privacy Act and applicable state privacy requirements.
  • Ensure controls are enacted, as appropriate, when the customer collects, uses, retains, and shares Personally Identifiable Information (PII) including the selection and implementation of particular security and privacy controls.
  • Ensure NIST privacy controls are documented, as required, for each of the customer’s information systems.
  • Assist the Privacy Officer with completing its Privacy Threshold Analyses (“PTAs”) and Privacy Impact Assessments (“PIAs”) under Section 208(b) of the E-Government Act of 2002.
  • Manage and maintain a process for reporting policy violations.
  • Conduct research and analysis and recommend changes to the customer’s Privacy Policy for annual updates. Create, present, and explain policy and strategic concepts to support privacy awareness and privacy-related controls to include creating training and presentation materials.
  • Assist the Privacy Officer with responding to privacy-related audits and reviews.
  • Manage support for internal audits.
  • Provide support for the annual FISMA audit.
  • Develop and maintain a FISMA Audit Project Plan analysis of prior year FISMA audits and issues that identifies areas for improvement.
  • Conduct DIS-approved pre-audit test procedures documenting results and triaging weaknesses.
  • Provide audit support to the CIO and customer’s Audit and Assurance Division to include pre- and post- audit activities. These activities will include, at a minimum:
    • Serve as a liaison between all vested parties;
    • Coordinate and track all audits (requests, meetings, Deliverables); and
    • Draft and submit for review and approval, Corrective Action Plans (“CAPs”) for all FISMA findings to include prior year open findings, in coordination with the customer’s Enterprise Portfolio Management Office (EMPO).

Qualifications

  • Bachelor’s degree in an Information Technology related field required.
  • Minimum four (4) to six (6) years of experience supporting IT security programs.
    • 3+ years of related management experience in the field of security education and training.
    • 3+ years of related experience providing Privacy Program support.
    • 3+ years of related experience providing Internal Inspection, Audit Readiness and support to include FISMA audits.
  • Experience supporting the development, implementation, and management of an information security and privacy awareness training program.
  • Experience completing Privacy Threshold Analyses (“PTAs”) and Privacy Impact Assessments (“PIAs”) under Section 208(b) of the E-Government Act of 2002.
    • Knowledgeable of Privacy Policies, FISMA, NIST Risk Management Framework, and Privacy Act and applicable state privacy requirements.
  • General experience in IT security (computer and network systems).
    • Knowledge of Information Security (Cybersecurity or Information Assurance) processes and industry best practices in providing thorough Information Security (Cybersecurity or Information Assurance) training.
    • Knowledge of the NIST Risk Management Framework (RMF).
  • Performs and/or assists in internal self-assessments and audits to ensure compliance with the mandated annual FISMA requirement.
    • Experience developing test procedures, documenting results, and triaging weaknesses.
    • Experience developing Corrective Action Plans.
  • Experience with MS SharePoint and MS Office.
  • Experience supporting senior IT leadership.
  • Ability to handle ambiguity and make decisions and recommendations with limited data.
  • Solid analytical/problem-solving skills with capability to identify solutions to unusual and complex problems.
  • Strong proficiency in interpersonal and communication skills.
  • Strong proficiency in handling multiple tasks concurrently.
  • Strong proficiency in proofreading deliverables for clear, concise language, completeness, correctness, and consistency.
  • Experience in time management and ability to adjust to changing priorities.
  • Ability to work in a cohesive team-oriented environment.
  • Independent, self-driven, highly customer focused and able to work under minimum supervision.

Certifications: Must possess one of the following certifications or something similar:

  • CompTIA Advanced Security Practitioner (CASP+) or CompTIA Security+
Desired Certification:

  • Certified Information Security Manager (CISM)
Technical and Management Resources, Inc. is an Equal Opportunity Employer and does not discriminate with regard to race, color, religion, sex, age, national origin, disability, or Vietnam veteran status. This policy affirms TMR’s commitment to the principles of fair employment and the elimination of discriminatory practices. We encourage all employees to take advantage of opportunities for promotion as they occur.