Sr Analyst - Shared Services - Enterprise

Essential Duties and Responsibilities:
- Responsible for ensuring information security for an assigned area of Business/Project focusing on key areas of risk, outlined in the Information Security policy, under the direction of the Information Security management team.
- Conduct Information Security risk assessments and compliance evaluations for infrastructure and application assets within required timeframes and to industry standards and regulatory specifications.
- Ensure controls implementation for identified Information Security risks for business area of responsibility.
- Define, create and maintain the documentation for certification and accreditation of each information system in accordance with regulatory requirements.
- Support audit and client engagements, coordinate the collection, review and submission of Information Security deliverables and coordinate the remediation of audit concerns.
- Manage expectations with multiple stakeholders on projects and programs in conjunction with the Information Security team.
- Promotion of Information Security awareness through various communication channels within the organization.
- Collaborate with the Information Security team members on process improvements, secure design and recertification of MAXIMUS assets.



* Create and manage System Security Plans, including the validation of all associated artifacts required to maintain agency ATO and NIST 800-53 compliance.

This includes, but is not limited to a System Level Continuous Monitoring (SLCM) Strategy, HW/SW lists, Information Flow Diagrams, System Categorization Forms, System Topologies, Configuration Management Plan, Configuration Control Board (CCB) Charter, System and Services Acquisition Plan, System and Information Integrity Plan, System and Communication Protection Plan, Security Assessment and Authorization Plan, Risk Assessment Plan, Program Management Plan, Security Planning, Physical and Environmental Protection Plan, Personnel Security Plan, Media Protection Plan, Identification and Authentication Plan, Contingency Plan, Audit and Accountability Plan, Security Awareness and Training Plan, Incident Response Plan, Access Control Plan, Risk Assessment Review (RAR) and Plans of Action and Milestones (POA&Ms).


* Liaise with project ISSOs using shared services, IT organization, corporate business units, system owners, and subject matter experts to ensure legal and contractual requirements pertaining to cybersecurity, physical security, and information assurance are being met.


* Communicate government regulatory security and compliance requirements to the Senior Director of Security Governance and advise implementation of applicable security controls and hardening standards to governance and technical teams.


* Assist and advise the Senior Director of Security Governance and information security in the identification, assignment, and training of control owners throughout the organization and continually review contro...