Security Compliance Analyst - Reston, United States - Amivero

    Description

    The Amivero Team

    Amivero's team of IT professionals delivers digital services that elevate the federal government, whether national security or improved government services.

    Our human-centered, data-driven approach is focused on truly understanding the environment and the challenge, and reimagining with our customer how outcomes can be achieved.

    Our team of technologists leverages modern, agile methods to design and develop equitable, accessible, and innovative data and software services that impact hundreds of millions of people.

    As a member of the Amivero team, you will use your empathy for a customer's situation, your passion for service, your energy for solutioning, and your bias towards action to bring modernization to very important, mission-critical, and public service government IT systems.

    Special Requirements
    US Citizenship Required to obtain Public Trust
    Bachelor's Degree + 10 years of experience

    The Gist
    The Security Compliance Analyst is a critical oversight role focused on ensuring that Agile IT software development processes comply with NIST, FISMA, and FedRAMP standards.

    This position involves monitoring, analyzing, and reporting on the security practices and compliance of software products and their operations from a strategic level.

    The Security Compliance Analyst will ensure that automated testing and scanning within CI/CD (Continuous Integration/Continuous Deployment) delivery processes adhere to stringent security requirements and regulations through comprehensive review and analysis of DevOps teams' deliverables.


    What Your Day Might Include

    Regulatory Compliance Monitoring:
    Oversee and monitor the integration of NIST, FedRAMP, and FISMA compliance standards.

    Experience working within Agile development teams, from a hands-off perspective, ensuring compliance of software deliverables and associated operations to all required standards.

    Review documentation and processes to ensure compliance with these standards throughout the software development lifecycle.
    Conduct periodic audits of required standards, associated controls, and control items.


    Compliance Analysis and Reporting:
    Analyze security practices and compliance data to assess effectiveness and identify trends or recurring issues in Agile development projects.
    Prepare detailed reports on compliance status, audit findings, and recommendations for enhancing security and compliance practices.
    Present findings to senior management and provide strategic insights on maintaining compliance in a rapidly changing technology environment.
    Lead ATO, Risk Management, and other approval processes. Serve as the security and compliance expert when representing products within these processes.

    Risk Assessment and Mitigation Strategy Development:
    Develop and refine risk assessment methodologies to evaluate security risks associated with new software features and deployments.
    Provide guidance on mitigating risks identified during the compliance review processes.
    Collaborate with security engineers and IT teams to ensure risk mitigation strategies are effectively implemented.


    Policy and Standards Development:


    Assist in the development and updating of security policies and compliance standards to align with current regulations and best practices.

    Ensure that security compliance policies are communicated to and understood by all stakeholders, including Agile DevOps teams.


    Educational Initiatives and Training Support:
    Support the design and delivery of compliance and security training programs to raise awareness and knowledge across the organization.

    Act as a resource for Agile teams and IT staff by providing expert advice on compliance matters in an advisory capacity.

    Requirements

    You'll Bring These Qualifications
    US Citizenship Required to obtain Public Trust
    Bachelor's degree in Cybersecurity, Information Technology, or a related field; Master's degree preferred.

    Professional certifications relevant to compliance and security, such as CISSP, CISM, or specific to NIST, FedRAMP, and FISMA.
    Proven experience in a compliance role with a strong understanding of software development processes and security frameworks.

    Experience with Agile methodologies and DevOps-based CI/CD processes, with a focus on security and compliance implications.
    Strong analytical skills and the ability to work independently.
    Excellent analytical and strategic thinking skills.
    Strong communication and presentation skills, capable of conveying complex information in a clear manner.
    Detail-oriented with a high level of integrity and professionalism.
    Proactive in identifying potential compliance issues and developing solutions.

    Ability to manage multiple projects and responsibilities in a fast-paced environment.

    EOE/M/F/VET/DISABLED

    All qualified applicants will receive consideration without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws.

    Amivero complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities.
