Job Details

Apply Online
Send This Job to a Friend

Requisition Number 18-0108
Post Date 12/5/2018
Title Security Analyst
Department IT - Cybersecurity
Job Category Full Time Employee
Number of Openings 1
FLSA Exempt
Tier Tier E 1
City Herndon
State VA
Description

The Security Analyst is a member of Information Assurance (IA) in the Office of Cybersecurity and is responsible for supporting the maintenance, development and improvement of the security policies, processes and compliance documentation.   The analyst supports major initiatives in the areas of audit and compliance functions assigned to the IA team.  The role supports compliance requirements with standards such as PCI-DSS, FISMA/NIST 800-53, SOC 2, ISO/IEC 27000 series, as well as third-party external reviews.  This role further helps develop, present, and maintain security awareness training material and assessments for Clearinghouse staff.  This role will also facilitate physical security program requirements.

How You Contribute:

  • Develop and maintain Cybersecurity policies, procedures, processes and guidelines.
  • Develop and maintain system security documentation in accordance with industry standard frameworks. 
  • Perform business & privacy impact assessments, E-Authentication & system risk assessments, develop security test & evaluation plans, system security plans, contingency plans and other reports as required.
  • Document industry standard controls for existing systems, as well as, systems in development.
  • Maintain and track corrective action plans and Plans of Action & Milestones (POA&Ms).
  • Track and monitor production system changes to ensure updates to applicable IA-related documentation and security impact assessments (SIA) are performed.
  • Independently perform audits and lead meetings with technical staff to accurately document system interconnections, data flows, security models and controls.
  • Provide inputs to Cybersecurity dashboard and other management reports.
  • Assist in the response to third-party and other reoccurring security audits and assessments.
  • Lead the delivery of Cybersecurity awareness training materials and events.
  • Assist in creating awareness presentations newsletters, correspondence, and educational materials.
  • Update Cybersecurity website with articles and communications from various IT domains.
  • Conduct phishing simulations and assess metrics that demonstrate performance from various teams.
  • Track and monitor the success of the Clearinghouse Cybersecurity Awareness program to include end user completion of security training.
  • Provide creative approaches to continually improve and grow the Cybersecurity Awareness program.
  • Coordinate and maintain certain components of physical security system including but not limited to electronic badging system, network video recorder, and office emergency communications system.
  • Establish and maintain a strong working relationship with team members and other departments.
  • Successfully manage responsibilities, set accurate expectations and meet deliverable deadlines while working interactively with others, as well as independently with minimal oversight.

Position may be required to perform other duties as required.

These essential functions are representative of those that must be met by an employee to successfully perform the job. Reasonable accommodations will be made to enable individuals with disabilities to perform these essential functions.

What You Bring to the Table:

  • Bachelor’s degree in Computer Science, Information Technology or related field.  A combination of education and experience, including military service will also be considered.
  • 5-8 years IT experience required, and experience in cybersecurity, auditing, and/or in information assurance preferred. 
  • Must possess a current and active CISSP, CISM, CISA, or equivalent certification, or obtain a CISSP, CISM, or CISA certification within 12 months of employment.
  • Experience with security standards such as PCI-DSS, FISMA/NIST 800-53 and/or ISO/IEC 27000.
  • Experience with implementing or supporting a Cybersecurity awareness program.
  • Strong technical writing, documentation, and communication skills are required.
  • Experience using Microsoft Office and Visio to create documents, presentations, and detailed drawings.
  • Understanding of enterprise, network, system and application level security issues.
  • Knowledge of enterprise computing environments, and distributed applications.
  • Live within a commutable distance of Herndon, VA.

Desired:

  • Experience working with industry frameworks such as ISO 27001 or NIST SP 800-53.
  • Strong analytical and problem-solving skills.
  • Technical skills or background.

Physical Demands:

  • Use of a computer terminal and/or laptop computer for 8 or more hours a day.
  • Use of a copy machine, and telephone.
  • Frequently required to sit for 7 or more hours per day in close proximity to others in an open office environment.
  • Occasionally required to use hands and fingers to operate, handle, and reach.
  • Vision abilities include close vision and the ability to adjust focus.
  • Must be flexible to do out-of-town assignments and travel via car, train, and airplane occasionally when needed (less than 10%).
  • Disaster recovery and/or business continuity efforts may require offsite work or travel and the acceptance of additional responsibilities to facilitate an efficient and effective restoration of operations.  Responsibilities during these efforts may be unrelated to those normally associated with this position.  Travel and offsite work in the event of a declared disaster will likely occur with no prior notice and may be prolonged in nature.
  • The employee must occasionally lift and/or move up to 25 pounds.
  • NSC strives to hire, promote, and retain the best qualified individuals for our employment opportunities. Our policies are intended to provide equal employment opportunity for all employees and job applicants without regard to race, color, religion, gender, gender identity, sexual orientation, age, disability, national origin, protected veteran status, or any other status protected by law. NSC strives to have a culture that is diverse and equally welcoming to all. As a Federal contractor, NSC is subject to requirements to take affirmative action to employ and advance in employment protected Veterans and individuals with disabilities. NSC is committed to its outreach efforts and practices to promote employment and advancement of members of these groups. To read our entire policy, go to: https://studentclearinghouse.info/careers/human-resource-policies
  • PAY TRANSPARENCY POLICY NSC will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by NSC, or (c) consistent with the NSC’s legal duty to furnish information. 41 C.F.R. 60-1.35(c)
  • Please view Equal Employment Opportunity Posters provided by OFCCP here.
Apply On line
Send This Job to a Friend