Our client is hiring a Security Compliance Analyst to be located at the Lake City Army Ammunition Plant in Independence, MO (Kansas City area).
- Work collaboratively with key stakeholders across the IT organization, including external auditors, IT process owners, IT management, and business stakeholders.
- Develop an understanding of the IT organization’s processes, goals, and strategies.
- Establish and implement a process to compile and analyze data from various security tools such as anti-virus, active directory, advanced endpoint threat detection, and patching systems and develop meaningful and actionable IT compliance reporting.
- Demonstrate knowledge of information security standards and frameworks such as ISO 27001, NIST 800-171, NIST 800-53, other NIST publications and Defense Federal Acquisition Regulation Supplement (e.g., DFARS clause 252.204-7012).
- Perform and manage IT risk assessments to support requirements of various security frameworks.
- Ensure IT security design, controls, processes, and procedures are aligned with Information Security standards, guidelines, and policies in order to maintain System Security Plans.
- Facilitate the overall planning, execution, and reporting of risk assessments and IT compliance audits to support ISO and NIST requirements and other IT Security Compliance related initiatives.
- Continuously evaluate the efficiency and effectiveness of the ISO and NIST audit strategy and methodology, and propose improvements to achieve audit efficiencies.
- Identify opportunities to improve existing processes and controls; recommend constructive corrective actions to address control deficiencies identified through compliance audits, strengthening the IT security posture and improving IT processes.
- Actively manage agreed corrective actions by collaborating and communicating with IT action owners.
- Support development of System Security Plans, Cyber Improvement Plans, and Security Operating Policies and Procedures.
Must meet the following criteria:
- Bachelor’s or Master’s degree* in Computer Science, Cybersecurity, or related field and a minimum of 5 years of IT Security experience.
- Knowledge of information security concepts and technologies such as networking, network segmentation, vulnerability scanners, firewalls, IPS/IDS, network analyzers, data loss prevention, security event management, encryption technologies, proxies, cloud services, mobile devices, etc.
- Direct experience with implementation and management of security frameworks such as ISO 27001, NIST 800-171, NIST 800-53, DFARS clause 252.204-7012.
- Certification such as Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), GIAC Information Security Professional (GISP) or other similar certification is preferred but not required.
- Experience performing full-lifecycle, NIST-specific security assessments.
- Excellent verbal and written communication skills, with the ability to communicate confidently with all levels of IT management.
- Excellent analytical, problem-solving, and decision-making skills to mitigate risks and resolve control deficiencies.
- Ability to manage multiple responsibilities and projects simultaneously, with varying degrees of complexity and timelines.
- Demonstrates a genuine desire for continuous learning and process improvement.
- Has a team-player attitude and a willingness to work with other team members.
- Approximately 10% travel is required.
*Degree must be from a school that is accredited by an accrediting agency recognized by the Secretary of Education of the U.S. Department of Education.