Information Security Risk & Compliance Analyst III
Posted: November 12, 2009
The Information Security Risk and Compliance Analyst III will be responsible for executing and assisting in the completion of security certifications.

ESSENTIAL DUTIES AND RESPONSIBILITIES

Essential duties and responsibilities include the following. Other duties may be assigned.

- Responsible for the integration of CNI Core Competencies into daily functions, including: commitment to integrity, knowledge/quality of work, supporting financial goals of the company, initiative/motivation, cooperation/relationships, problem analysis/discretion, accomplishing goals through organization, positive oral/written communication skills, leadership abilities, commitment to Affirmative Action, reliability/dependability, flexibility and ownership/accountability of actions taken.
- Works with the security administrators to provide support as needed to complete the certification on multiple systems.
- Works with the system administrators to examine and test the security posture of the systems and applications.
- Prepares documents for SA packages by pre-determined deadlines. Document preparation includes: System Security Plans, IT Contingency Plans, Privacy Impact Assessments, Risk Assessments, FIPS 199 Profiles, Plans of Action and Milestones (POA&M) and other documents that support the SA process.
- Provides recommended remediation for identified deficiencies.
- Executes the Security Authorization (SA) phases outlined in NIST SP800-37 rev1.
- Assists in examining and testing the security configurations and settings on information systems and applications.
- Interviews system owners, information system security officers, system administrators, database certifiers, developers and end users to determine the security posture of the system and to assist in the completion of the NIST SP800-53a test steps.
- Assists in analyzing vulnerability and compliance scan results on Windows, Solaris and Linux systems.
- Generates Plans of Action and Milestones findings for the non-compliant settings and security deficiencies.
- Expands into other areas of the security authorization process.
- Is familiar with OMB, FISMA, FIPS and other federal regulations and requirements associated with information security.
- Responsible for aiding in own self-development by being available and receptive to all training made available by the company.
- Plans daily activities within the guidelines of company policy, job description and supervisor's instruction in such a way as to maximize personal output.
- Responsible for keeping own immediate work area in a neat and orderly condition to ensure safety of self and co-workers.
- Will report any unsafe conditions and/or practices to the appropriate supervisor and human resources.
- Will immediately correct any unsafe conditions to the best of own ability.

EDUCATION/EXPERIENCE

High school diploma or general education degree (GED); and two years of general IT support and one year of information security experience of which one year experience in the field of C&A / SA (preferably NIST based); or equivalent combination of education and experience. Professional experience in preparation of reports, presentations, summaries and analysis.

Please refer to job code 559 when responding to this ad.

| Category: | Trades |
| Location: | Rockville, MD |
| County: | Montgomery County |
| ZIP Code: | 20847 |
| Pay Rate: | Open |
| Job Terms: | full time |
| Company: | Chickasaw Nation Industries |
| Phone: | email only please |
| Fax: | email only please |