Lead Security Analyst - Information System Security Officer (ISSO)

Description & Requirements

Reporting to the Sr.

Manager for the Program Security Services team (US Services), the Lead Security Analyst-ISSO is responsible for managing the overall security posture of their assigned projects.

Acting as an independent contributor, the Lead Analyst-ISSO will document and validate security compliance requirements, as defined in client contracts and established regulatory frameworks (NIST 800-53, HIPAA, IRS 1075, CMS MARS-E/ARC-AMPE, PCI-DSS).

This position requires broad knowledge of Information Technology, including cloud providers such as Azure and AWS.

This role will also manage stakeholder relationships with both internal and external customers.

US citizenship is required per contract/client, at least one of the following certifications is required: CISSP (preferred), CISA or CISM.

Experience with NIST 800-53 and the ability to travel up to 10% is required.

Essential Duties and Responsibilities:

- Responsible for ensuring information security for an assigned area of Business/Project focusing on key areas of risk, as outlined in the Information Security policy, under the direction of the Information Security management team.

- Conduct Information Security risk assessments and compliance evaluations for infrastructure and application assets within required timeframes and to industry standards and regulatory specifications.

- Ensure controls are properly and fully implemented to address identified Information Security risks for assigned area of responsibility.

- Define, create and maintain the documentation for certification and accreditation of each information system in accordance with regulatory requirements.

- Lead and support audits and client reviews of security posture; coordinate the collection, review and submission of Information Security deliverables and track the remediation of audit findings and exceptions.

- Manage expectations with multiple stakeholders on projects and programs in conjunction with the Information Security team.

- Promotion of Information Security awareness through various communication channels within the organization.

- Collaborate with the Information Security team members on process improvements, secure design and recertification of MAXIMUS assets.



* Identify potential security control gaps by reviewing evidence provided by stakeholders, system generated reports and/or control implementation statements.


* Perform risk assessments using vulnerability management and application security testing reports.


* Initiate formal security exception process, when required.


* Develop Plan of Action and Milestones (POA&M) as necessary.

Minimum Requirements

- Please refer to the additional information section of the job requisition for this opening to determine clearance eligibility required.

- Bachelor's degree and 7+ years of relevant professional experience required, or equivalent combination of education and experience.



* US Citizenship is REQUIRED ...