Information Assurance Analyst 2 jobs in United States

C2 Labs, Inc. · 3 months ago

Information Assurance Analyst 2

C2 Labs, Inc. partners with clients on their IT transformation journey, focusing on innovative research and development in security. The Information Assurance Analyst 2 will work with a team to implement regulatory frameworks and develop necessary security documentation to ensure compliance and robust security posture.

Compliance, Computer, Data Governance, Information Services, Information Technology, Software
No H1B, Security Clearance Required, U.S. Citizen Only

Responsibilities

Categorize systems in accordance with Federal Information Processing Standards (FIPS) 199 and National Institute of Standards and Technology (NIST) Special Publication (SP) 800-60
Select and tailor security controls by applying scoping guidance in accordance with NIST SP 800-53 and FedRAMP specific guidance
Document the implementation characteristics for security controls with enough detail to permit the testing of the security control by an independent assessor/Third Party Assessment Organization (3PAO)
Develop, review, and update security authorization package documentation to include the System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Report (SAR), and Plan of Actions and Milestones (POA&M)
Develop, review, and update supporting documentation including the Contingency Plan (CP), Incident Response Plan (IRP), and Configuration Management Plan (CMP)
Conduct Security Impact Assessments (SIAs) on changes to information systems
Create the Control Implementation Summary (CIS)/Customer Responsibility Matrix (CRM) workbook outlining Cloud Service Provider (CSP) and customer responsibilities
Develop, review, and update policies and procedures to support the implementation of the NIST 800-53 control families
Leverage the next generation of Governance Risk and Compliance (GRC) tools to automate the creation of the SSP
Review current security assessment and authorization processes and provide recommendations for improvement
Develop Risk Assessment Reports (RAR)
Provide guidance on NIST 800-53, FedRAMP, and StateRAMP control requirements
Develop and deliver training to educate stakeholders on the various tasks and activities associated with the RMF

Qualification

Governance Risk, Compliance, FedRAMP, NIST RMF, Security Authorization Documentation, CISSP, CISM, CAP Certification, Technical Writing, Interpersonal Skills, Communication Skills

Required

Must be a US Citizen and capable of passing a Public Trust background investigation
Minimum 3-5 years' experience in IT consulting specializing in Governance, Risk, and Compliance using the RMF
Excellent communication and interpersonal skills, with the ability to build a rapport and trust with clients
Knowledge of the cybersecurity industry to include regulatory frameworks such as the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF), Federal Risk and Authorization Management Program (FedRAMP), Department of Defense (DoD) Impact Levels (2-6), and the State Risk and Authorization Management Program (StateRAMP)
Possesses an in-depth understanding of the FedRAMP authorization process and associated templates and deliverables
Must have experience creating security authorization package documentation (i.e., SSP, SAP, SAR, & POA&M) and managing system authorization artifacts for a FedRAMP authorized cloud environment
Candidates must be United States citizens and able to successfully complete and maintain a Public Trust security clearance
Background check and unannounced drug testing required
This position is onsite in Washington, DC, with occasional travel (up to 25%) for client meetings and work assignments
Must have strong technical writing skills
Must be able to work independently under only general direction
Must be able to interpret and provide consulting expertise on FedRAMP security requirements
Must have extensive knowledge in reviewing, analyzing, and documenting the secure implementation of logical controls, physical controls, environmental controls, personnel security, and incident handling
Experience preparing monthly continuous monitoring deliverables (e.g., vulnerability scans, POA&Ms, and asset inventory) for submission to the FedRAMP PMO

Preferred

CISSP, CISM, or CAP certification is preferred

Company

C2 Labs, Inc.

C2 Labs partners with our clients on their IT transformation journey via our industry leading capabilities in full stack development, hyper automation/DevOps/cloud, cyber security compliance, ISSO as a Service, and FedRAMP Enablement.

Funding

Current Stage
Early Stage

Leadership Team

Craig Thomas
Chief Technology Officer
Company data provided by crunchbase