Information System Security Analyst - Windsor Mill, United States - Index Analytics Llc

Description

Index Analytics, LLC, is a rapidly growing, Baltimore-based small business providing health-related consulting services to the federal government. At the center of our company culture is a commitment to instilling a dynamic and employee-friendly place to work.

We place a priority on promoting a supportive and collegial team environment and enhancing staff experience through career development and educational opportunities.

The Information Security Systems Analyst (InfoSec SA) performs cybersecurity-related tasks designed to safeguard the security of systems and information assets by protecting against unauthorized access, modification, or destruction.

The InfoSec SA demonstrates expertise in various systems administration concepts, practices, and procedures. They rely on extensive experience and judgment to plan and accomplish goals. They perform a variety of complex tasks, and a wide degree of creativity and latitude is expected. They lead and direct the work of others, typically reporting to department management or executive. They may provide consultation on complex projects and be a top-level contributor/specialist in the department. They must be an expert at problem-solving, identifying risk, and communicating results and recommendations to department management.


The InfoSec SA will:

• Manage information systems security including disaster recovery, database protection, and software development
• Perform technical support focused on developing, operating, managing, and enforcing security capabilities for systems and networks
• Identify, report, and resolve security violations
• Evaluate IT infrastructure in terms of risk to the organization and establish controls to mitigate loss
• Determine and recommend improvements in current risk management controls and system changes or upgrades
• Work with end users to determine needs, implement policies or procedures, and track compliance through the organization
• Establish, plan, and administer the information security function's overall policies, goals, and procedures
• Implement network security policies and procedures to ensure network (LAN/WAN, telecommunications, and voice) security and protect against unauthorized access, modification, or destruction

Responsibilities

• Aid project teams in compiling documentation for Security Compliance Audit/Adaptive Capability Testing (SCA/ACT), Security Impact Analysis (SIA), and Authority to Operate (ATO) prior to project implementation and support the recurring and ongoing security requirements.
• Work with Federal Agency and contractsupported Information System Security Officers (ISSOs) to monitor and track the progress of remediations to security findings.
• Provide support for contractsupported programs, federal agencies, federally owned system, or enclaves' information assurance programs.
• Provide support for proposing, coordinating, implementing, and enforcing information security policies, standards, and methodologies.
• Perform vulnerability/risk assessment analyses to support certification and accreditation.
• Provide configuration management (CM) for information system security software, hardware, and firmware.
• Manage changes to the system and assess the security impact of those changes.
• Prepare and review documentation to include Systems Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and System Requirements Traceability Matrices (SRTMs).
• Support security authorization activities in compliance with the U.S. Department of Health & Human Services (HHS) for the Centers for Medicaid and Medicare Services (CMS) and the Food and Drug Administration (FDA).
• Complete a Security Impact Analysis as part of each sprint within an agile development organization.
• Support, implement, maintain, and monitor security and privacy controls in compliance with Federal Information Security Management Act (FISMA), Health Insurance Portability and Accountability Act (HIPAA), Federal Risk and Authorization Management Program (FedRAMP), National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) requirements and guidance; knowledge of Cybersecurity Maturity Model Certification (CMMC) requirements is a plus.
• Plan, document, implement, assess, maintain, and monitor security and privacy controls per requirements, policies, standards, processes, and procedures documented in the CMS BPSSM, ARS 3.1 and 5.0, TRA, and RMH.
• Support audits, assessments, penetration testrelated documentation requests, and vulnerability remediate efforts.
• Document and maintain a Plan of Action and Milestones (POA&M) for weaknesses identified in security tests and audits.
• Recommend system architecture solutions based on industry best practices and knowledge of federal and organizational security guidelines.
• Maintain current knowledge of relevant security and privacy trends and technology.
• Knowledge of Symantec Endpoint Security cloud is a plus.

**Qual