Senior Cybersecurity Compliance Analyst

Zero Trust is currently seeking a Senior Cybersecurity Compliance Analyst to join our team. The Senior Cybersecurity Compliance Analyst will support the day-to-day and project-based security activities, POA&M remediations, vulnerabilities impact, and remediation process for the on-premises and cloud environments.

 

The Senior Cybersecurity Compliance Analyst will use his/her expertise to effectively manage security compliance activities, security waivers, documentation by working and providing guidance to all the stakeholders.

 

PRIMARY RESPONSIBILITIES:

· Manage daily Cybersecurity compliance activities.

· Proactively Manage Cybersecurity projects and tasks.

· Take initiatives to identify compliance weaknesses and present reports to the management.

· Lead and mentor the NCATS CSS Cybersecurity compliance team.

· Must be familiar with Risk Management Framework (RMF), NIST 800-53 and other Government mandates.

· Lead NCATS Cybersecurity compliance efforts to follow the Risk Management Framework (RMF).

· Have a solid understanding of the ATO preparation and assessment process.

· Schedule and coordinate compliance activities, sessions, and meetings with the stakeholders.

· Provide security controls implementation guidance.

· Be able to effectively work with stakeholders to manage and close POA&Ms.

· Provide effective guidance to the stakeholders on secure baseline configurations.

· Manage compliance documentation in NIH GRC tools.

· Ensure on time delivery of task order deliverables for cybersecurity compliance.

· Manage work through tools such as NIH incident response (IRT) portal, Splunk, ServiceNow, Jira, Confluence etc.

· Provide guidance on ATO package preparations and security controls implementation.

· Establish communications with vendors for the release of newly identified vulnerabilities and to ensure they understand the specialized requirements of the client’s information systems.

· Develop daily, weekly, and annual NCATS security landscape metrics.

· Identify, analyze, and develop mitigation or remediation actions for system and network vulnerabilities.

· Provide notification of potential threats by tracking vulnerabilities and exploits, propagation of worms and viruses.

· Monitor the progress of internal and external organizations to ensure operational requirements are fulfilled for audits and reviews.

 

BASIC QUALIFICATIONS:

· Bachelor’s degree in a relevant technical discipline and 4+ years of overall related experience. 5+ years of additional related years of experience is accepted in lieu of a degree.

· Experience working with NIST 800-xxx series guidance.

· Project management experience a must.

· Familiarity with different encryption types.

· Familiarity with Windows/Unix/Linux platforms.

· Familiarity with DevOps pipelines, code scanning, penetration testing etc.

· Proven experience with incident and change management systems such as ServiceNow and Jira.

· Well versed in Active Directory, Office 365 and other platforms.

· Experience in Threat and Vulnerability scanning and remediation methodologies.

· Familiarity with System Incident and Event Management (SIEM) and other logging and monitoring tools.

· Experience in Vulnerability management and threat management tools such as Tenable Nessus, Netsparker, McAfee suite, Palo Alto, Amazon inspector and Cloud Watch etc.

· Experience in a hybrid operations environment providing leadership specified reports based on information received from other system owners and operations team.

 

PREFERRED QUALIFICATIONS:

· BS or MS degree in computer science, computer engineering, information systems, privacy engineering or related field of study.

· CEH, Security Plus. Splunk Power User.

· Excellent communication and presentation skills and the ability to effectively communicate designs, proposals, and results; and negotiate options at management levels

· Proficient in developing briefing materials, administrative, and logistic support.