Sr Analyst - ISO Security Governance

Essential Duties and Responsibilities:

- Perform complex risk analyses and risk assessment.

- Establish and satisfy Information Assurance (IA) and security requirements based upon the analysis of user, policy, regulatory, and resource demands.

- Support customers in the development and implementation of doctrine and policies.

- Advise information system owners on client/project security policies and requirements for systems.

- Keep abreast of emerging security technologies and make appropriate recommendations regarding the enhancement of the security posture of systems and their implementation.



* Provide recommendations on alignment of security policies with existing Federal and DoD customer requirements.


* Collaborate with the Enterprise (Shared Services) ISSO to ensure proper alignment of organizational governance with Federal and DoD customers.


* Collaborate with project ISSO's (existing contracts) and Business Development and Capture Teams to ensure proper alignment of organizational governance with existing and prospective Federal and DoD customers.


* Assist the Enterprise (Shared Services) ISSO with application of security policies to shared services supporting Federal and DoD customers.


* Recommend enhancements that align governance with Federal and DoD customers.


* Support the enhancement and on-going management of governance activities from a Federal perspective, including vendor assessments, annual enterprise risk assessments, enterprise risk registers, security awareness and training, and maintenance of a GRC.

Minimum Requirements

- Please refer to the additional information section of the job requisition for this opening to determine clearance eligibility required.
- Bachelor's Degree in related field.

- 5-7 years of relevant professional experience required.

- Equivalent combination of education and experience considered in lieu of degree.



* Bachelor's degree in cybersecurity, computer science, information assurance, or related field


* 7+ of security governance development and management for a corporate organization supporting Federal and DoD customers.


* Certifications like CISSP, CISM, CISA, or GRC / audit or risk certifications desired.


* Experience supporting security governance for organizations using FedRAMP'd CSO's as it pertains to system-specific and hybrid controls.


* RMF and A&A experience desired


* Strong understanding of Federal requirements to include but not limited to applicable Executive Orders, FISMA, FIPS, CMMC, NIST 800-171, NIST 800-53, NIST 800-60, and NIST 800-65.


* Experience with Federal and DoD GRC tools.

(CFACTS, CSAM, eMASS, etc.)


* Experience mapping and cross walking policies, standards, and procedures to multiple security frameworks.


* Exercise judgement in selecting methods, techniques, and evaluation criteria for obtaining results.


* Network with key contacts outside own area of expertise.


* Develop solu...