Data Recognition Corporation ยท 1 day ago
Senior Information Security Compliance Analyst
Maximize your interview chances
Consumer ResearchData Collection and Labeling
Work & Life BalanceNo H1B
Insider Connection @Data Recognition Corporation
Get 3x more responses when you reach out via email instead of LinkedIn.
Responsibilities
Obtain and maintain Authority to Operate (ATO) approvals for government contracts by adherence to NIST Risk Management Framework (RMF)
Support cybersecurity efforts to include the development and management of System Security Plan (SSP) documentation, Plans of Action and Milestones (POAMs), assessing and auditing systems security controls, and continuous monitoring activities
Manage internal and external annual audits (third party and customer)
FISMA NIST
ISO 27000 series
SOC II Type 2
Various customer audits
Maintain and drive remediation on Plan of Action and Milestones (POAM)
Policy and standard development and review
Lead security risk management and exception processes
Manage and enhance Business Continuity/Disaster Recovery processes
Update and maintain security and compliance metrics
Qualification
Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.
Required
5+ years of Information Security, GRC, or Compliance experience
Experience working with DoD/Government
Deep knowledge in NIST 800-53 and NIST 800-171 frameworks
Working knowledge of the following: Risk Management Framework (RMF), compliance with security technical implementation guides (STIGs), reviewing automated vulnerability scans, documenting Plan of Action and Milestones (POA&M)
Experience leading and managing a SOC 2 Type II compliance audit
Possesses a high level of personal integrity and the ability to discreetly handle sensitive, personal, and classified information.
Must have excellent communication skills and the ability to work well in a team and across the organization, in addition to independently driving initiatives.
Preferred
four-year college degree in IT, Computer Science, Cybersecurity
Internal or External Audit or Compliance experience
Experience with Federal Information Security Management Act (FISMA) leveraging National Institute of Standards and Technology (NIST) security controls (NIST 800-53, rev 4/5).
Security certification such as Certified Information Security Auditor (CISA) and/or Certified in Risk and Information Security Controls (CRISC)
Experience with ISO 27001 certification
Experience supporting and participating in third party vendor security assessments and audits, reviewing audit findings as well as responses to security findings and remediation plans.
Ability to manage cross-functional projects and initiatives as required.