Lead Analyst - Tysons, United States - Maximus Services, LLC

Posted by: Mark Lane, beBee recruiter


Description

Description & Requirements

Additional Requirements as per contract/client:


Essential Duties and Responsibilities:

  • Responsible for ensuring information security for an assigned area of Business / Project focusing on key areas of risk, outlined in the Information Security policy, under the direction of the Information Security management team.
  • Ensure controls implementation for identified Information Security risks for business area of responsibility.
  • Define, create and maintain the documentation for certification and accreditation of each information system in accordance with regulatory requirements.
  • Support audit and client engagements, coordinate the collection, review and submission of Information Security deliverables and coordinate the remediation of audit concerns.
  • Manage expectations with multiple stakeholders on projects and programs in conjunction with the Information Security team.
  • Promote Information Security awareness through various communication channels within the organization.
  • Collaborate with the Information Security team members on process improvements, secure design and recertification of MAXIMUS assets.
  • Travel required up to 25%.
  • Other duties as assigned.

Project Responsibilities

  • Create and manage the System Security Plan, and create and/or validate all associated artifacts required to obtain CMMC Level 2 certification and NIST compliance, including a System Level Continuous Monitoring (SLCM) Strategy, hardware/software lists, Information Flow Diagrams, System Categorization Forms, System Topologies, Configuration Management Plan, Configuration Control Board (CCB) Charter, System and Services Acquisition Plan, System and Information Integrity Plan, System and Communication Protection Plan, Security Assessment and Authorization Plan, Risk Assessment Plan, Program Management Plan, Security Planning, Physical and Environmental Protection Plan, Personnel Security Plan, Media Protection Plan, Identification and Authentication Plan, Contingency Plan, Audit and Accountability Plan, Security Awareness and Training Plan, Incident Response Plan, Access Control Plan, Risk Assessment Review (RAR) and Plan of Action and Milestone (POA&M). (50%)
  • Liaise with the Federal Services business segment, corporate business units, and external stakeholders to ensure all legal and contractual requirements pertaining to cybersecurity, physical security, and Information Assurance are being met. (20%)
  • Communicate federal requirements to other Maximus Information Security Office (ISO) teams and advise implementation of applicable security controls and hardening standards to governance and technical teams. (10%)
  • Assist the BISO and ISO in the identification and assignment of control owners throughout the organization and continually review controls on organizationally defined periodicities. (10%)
  • Actively collaborate with ISO Threat & Vulnerability Management to ensure applicable technologies are compliant with defined vulnerability remediation timelines and hardening standards via enterprise vulnerability management tools. (10%)

Minimum Requirements


Minimum Qualifications:

  • Bachelor's Degree
  • 7+ years of security or technology related experience
  • Works on complex issues where analysis of situations or data requires an in-depth evaluation of variable factors.
  • Exercises judgement in selecting methods, techniques, and evaluation criteria for obtaining results.
  • Networks with key contacts outside own area of expertise.
  • Develops solutions to a variety of complex problems.
  • Work requires considerable judgment and initiative.
  • Ability to communicate technical information in understandable business terms
  • Excellent interpersonal skills, presentation skills, and verbal / written communication skills
  • Strong customer service abilities required.
  • Ability to work collaboratively with a broad range of staff.
  • Skilled in Microsoft Office software including Word, Excel, Visio, MS Project, and PowerPoint
  • Ability to perform comfortably in a fast-paced, deadline-oriented work environment
  • Ability to execute many complex tasks simultaneously, and work as a team member as well as independently

Project Requirements

  • Bachelor's Degree in Computer Science or related field or the equivalent combination of education, training, or work experience.
  • 7+ years of security or technology related experience.
  • Strong understanding of federal and DoD requirements to include but not limited to applicable Executive Orders, FISMA, FIPS, CMMC, NIST, NIST 800-53, NIST 800-60, NIST 800-65, SCRM, FedRAMP, DODI 8500s, 8500.2s, and 8510s.
  • Experience with Governance, Risk & Compliance (GRC) tools (eMASS, CFACTS, CSAM).
  • Experience developing SSPs and applicable artifacts required for A&A activities.
  • Experience with Security Technical Implementation Guide (STIG) compliance.
  • Experience with vulnerability management and assessment via Qualys and Tenable.