Website Redhorse Corporation
A mid-sized solutions based technology company
Senior Information Security Analyst
About the Organization
Now is a great time to join Redhorse Corporation. Redhorse specializes in developing and implementing creative strategies and solutions with private, state, and federal customers in the areas of cultural and environmental resources services, climate and energy change, information technology, and intelligence services. We are hiring creative, motivated, and talented people with a passion for doing what’s right, what’s smart, and what works.
Redhorse Corporation is seeking a Senior Information Security Analyst to be an integral part of a team responsible for supporting the development and maturation of an Agency-wide information security (InfoSec) program for a large civilian Federal agency. The candidate should have strong data analysis skills, keen attention to detail, and the ability to handle and prioritize multiple tasks and deadlines. The candidate will serve as a subject matter expert with regards to the Risk Management Framework (RMF) and all associated information security policies and procedures and should possess in-depth knowledge of applying, selecting and testing the NIST family of security controls. The ideal candidate will report directly to the program manager and have strong leadership skills and the ability to lead teams, tasks and projects of 5+ junior, mid, and senior level resources with limited supervision.
Primary Duties and Responsibilities for this position include:
Advising senior-level stakeholders on InfoSec initiatives including compliance, awareness and training, and security operations.
Leading Independent Validation and Verification (IV&V) efforts on security authorization/ATO packages to ensure compliance to agency requirements.
Leveraging the existing Governance, Risk, and Compliance (GRC) tool, Telos Xacta (or an alternate like CSAM or RSA Archer), to track and reconcile findings from assessments, audits, and vulnerability scans
Coordinating government data calls (FISMA, FMFIA, BDR, etc.) and monthly reports. DHS CyberScope experience a plus.
Assessing the effectiveness of the InfoSec and privacy training program and leading the collection, analyzation, and presentation of enterprise-level InfoSec performance metrics.
Managing InfoSec Program POA&Ms, including advising on remediation efforts.
Providing administrative support to Xacta (or equivalent GRC tool) users and authoring operational procedures.
Working closely with senior agency security officials, system owners, information system security officers (ISSOs) and other stakeholders to advise and implement security solutions.
Advising CDM implementation efforts.
Identify opportunities for efficiencies in work process and innovative approaches.
Participating in team problem solving efforts and offer ideas to solve client issues.
Conducting relevant research, data analysis, and developing reports.
Preparing and assisting in the development of policy and procedures for program-level management and promoting consistency in program management best practices.
Implementing processes and procedures to monitor risk across programs / projects.
Preparing briefings to executive team to debrief the results of studies, analyses, and plans.
Assisting the client leadership in reviewing monthly project progress, documenting issues, and monitoring resolution.
Leading related business development efforts, as requested.
Minimum Basic Requirements for Skills, Experience, and Credentials include:
Bachelor’s degree in Computer Science, Information Systems, Engineering, Business, or other related scientific or technical discipline is required. Four (4) additional years of experience in IA/Information Security will be an acceptable substitute for a Bachelor’s degree.
Minimum of eight (8) years of IA specialized experience, including applying, analyzing and assessing information systems and security controls (NIST SP800-53, Revision 4).
Minimum of three (3) years in a leadership capacity and demonstrated ability to delegate work and track work products from assignment to delivery.
Ability to work with limited supervision and meet multiple project milestones and deadlines as required by the client.
Excellent written and oral communication skills including delivery of client-ready work products and the ability to communicate complex technical issues to senior stakeholders and non-technical staff.
Knowledge and understanding of integrating the security lifecycle into the system development lifecycle (SDLC).
Experience working with Federal Information Security Modernization Act (FISMA) requirements and NIST guidelines.
Demonstrated ability to prioritize and manage competing work assignments in a time sensitive environment.
Ability to weigh business risks and enforce appropriate information security measures.
Keen attention to detail and the ability to solve problems using best practices and systematic approach.
Preferred Tech/Tool Experience:
Telos Xacta IA Manager (or similar tool like CSAM, RSA Archer, etc.)
Two (2) IT industry certifications, including at least one (1) advanced security certifications (e.g., CISSP, CISM or equivalent).
Interest in learning the concepts of business development and capturing new business.
Redhorse Corporation shall, in its discretion, modify or adjust the position to meet Redhorse’s changing needs.
This job description is not a contract and may be adjusted as deemed appropriate in Redhorse’s sole discretion.
To apply for this job please visit www.thegravityapp.com.