[Hiring] Cybersecurity Assessment and Authorization Analyst @Chickasaw Nation Industries, Inc.

Role Description

The Cybersecurity Assessment and Authorization Analyst provides support to the Department of Health and Human Services, Indian Health Service (IHS). This position is responsible for executing and assisting in the completion of security certifications and for providing support in the development and implementation of a program to manage all aspects of compliance with government regulations.

Qualifications

• CAP, CISSP, CISM, CISA, SANS GIAC, Security+, Network+, Linux+, MCSE, CCNA or SSCP certifications preferred.
• In depth knowledge of NIST SP 800 series and FedRAMP guidance and standards.
• Highly organized with ability to effectively manage multiple projects and priorities.
• Ability to work in a fast-paced environment and to learn and apply new knowledge and techniques related to incident response and continuous monitoring capabilities.
• Ability to effectively work both independently and in a team environment for the successful achievement of goals.
• Excellent verbal and written communications skills with ability to prepare quality reports and effectively communicate / interact with a wide variety of technical and non-technical audiences (i.e., customers, team members, management, and federal staff).
• Excellent critical thinking skills with ability to identify, analyze and resolve problems / complex issues.
• Working knowledge and understanding of OMB, FISMA, FIPS, HIPAA and other federal regulations and requirements associated with Information Security.
• Knowledgeable of security-related processes with respect to Federal risk and compliance regulations best practices.
• Ability to read, analyze, and interpret common information systems security documents.
• Expert computer skills with advanced proficiency in a Windows and Linux based computer environment.

Requirements

• Conducts annual security controls effectiveness testing. Documents findings and advises and monitors remediation efforts on all systems in accordance with established policy and procedures.
• Conducts significant research, evaluation, recommendation, and documentation development such as security assessment reports, methodologies, briefings, and presentations.
• Conducts information security audits/risk assessments on customer systems and network and documents in accordance with NIST, Risk Management Guide for Information Technology Systems.
• Annually reviews and updates the security and contingency plan for each system in conjunction with security audits and makes recommendations to address deficiencies.
• Assists system owners in developing security authorization packages that are fully compliant with National Institute of Standards and Technology (NIST) guidelines and organizational defined standards.
• Evaluates the implementation of security controls as required by NIST. Prepares security authorization packages using approved customer templates.
• Assists in meeting mandates, directives, reporting, and other security-related processes with respect to Federal regulations such as FISMA; Health Insurance Portability and Accountability Act (HIPAA); Office of Management and Budget (OMB) mandates; Homeland Security Presidential Directives (HSPD); Federal Information Processing Standards (FIPS) and NIST guidance implementation, oversight, and compliance.
• Reviews and updates risk assessments when significant changes occur to systems/network.
• Ensures customer information and information systems are adequately protected from unauthorized access, use, disclosure, disruption, modification, or destruction. Briefs and provides documented results to staff.
• Analyzes major IT systems, from a security perspective, during the initial phases of system development and throughout the systems development lifecycle.
• Reviews standard security configurations to assure compliance with federal directives and industry best practices.

Education/Experience

• Bachelor's degree in Computer Science or a related field of study and a minimum of eight (8) years’ relevant experience, or equivalent combination of education / experience.
• Must have at least eight years (8) of information security experience and with at least four (4) years of certification and accreditation (C&A) compliance / Security Assurance (SA) experience (NIST based).

Physical Demands

The physical demands described here are representative of those that must be met by an employee to perform successfully the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this job. Work is primarily performed in an office environment. Regularly required to sit. Regularly required use hands to finger, handle, or feel, reach with hands and arms to handle objects and operate tools, computer, and/or controls. Required to speak and hear. Occasionally required to stand, walk and stoop, kneel, crouch, or crawl. Must frequently lift and/or move up to 10 pounds and occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision, distance vision, depth perception, and ability to adjust focus. Exposed to general office noise with computers printers and light traffic.

Benefits

• Medical
• Dental
• Vision
• 401(k)
• Family Planning/Fertility Assistance
• STD/LTD/Basic Life/AD&D
• Legal-Aid Program
• Employee Assistance Program (EAP)
• Paid Time Off (PTO)
• Training and Development Opportunities

Estimated Pay Range

The estimated pay range for this role is $70,000 to $80,000, with the final offer contingent on location, skillset, and experience.