Daily Duties / Responsibilities:
Duties include, but are not limited to:
Interviewing business and technical owners to determine policies and procedures used for each agency process.
Developing and tracking infosec implementation plan progress.
Documenting information gathered during both interviews and document reviews to assist with developing formal processes and procedures.
Assessing agency documentation to ensure adequate approaches are used to comply with controls.
Required skills (must include years of experience, in order of importance)
10+ Years of Experience in Information Security and Compliance.
2+ Years of Experience with security audits based on a standard control set as an auditor or responding information system security officer
Must Have a Strong Working Knowledge of NIST 800-53 (2 Years of Experience)
Prior Experience with POA&M or CAP.
Strong Communication Experience.
Experience With Using A GRC Tool (Archer or Similar) (3 Years of Experience)
Preferred Skills (Rank in order of Importance):
Have completed an information security plan or system security plan notebook.
Ability to manage multiple infosec work efforts simultaneously.
Knowledge of IRS 1075, HIPAA, CJIS, MARS-E and/or PCI-DSS.
Government sector experience
Additional Skills
Ability to identify, map and re-engineer business processes.
Strong schedule management and resource planning skills.
Ability to work at a high-volume and fast pace.
Strong collaborator and strong ability to meet deadlines.
Required Education:
Bachelor’s Degree
Preferred Certifications:
CISA, GSLC, or equivalent certification