Job Description :
Job Title: Security Analyst
Location: Elkridge, MD
Duration: Fulltime
Note: Will require 20% travel across cyber clean locations (north east mainly) to assess hi/low/med level assets and do POA/FISMA/Rev1/Rev2/Rev4 assessments.
Job Description:
Responsible for planning and implementing risk management strategies, processes and programs.
Manages resolution of incidents / problems throughout the information system lifecycle, including classification, prioritization and initiation of action, documentation of root causes and implementation of remedies.
Development and execution of information risk controls and management strategies. Procures and governs information risk management services and consultants.
The implementation of organization-wide processes and procedures for the management of operational risk.
The development of and execution of information risk controls and management strategies to maintain the confidentiality, integrity, availability, accountability and relevant compliance of information systems.
The resolution of incidents and problems throughout the information system lifecycle, including classification, prioritization and initiation of action, documentation of root causes and implementation of remedies.
This role will specialize on a specific technology and/or risk management discipline. Examples of specialization areas can be any technology, technique, method, product or application area as they pertain to the disciplines of information security, privacy, disaster recovery, and regulatory compliance.
Works under general supervision.
Uses discretion in identifying and resolving complex problems and assignments.
Specific instruction is usually given and work is reviewed at frequent milestones.
Determines when problems should be escalated to a higher level.
Interacts with and influences department/project team members.
Frequent external contact with customers and suppliers.
In predictable and structured areas, may supervise others.
Decisions may impact work assigned to individual/phases of project.
Specialized range of work, of relatively less complexity and standard, in variety of environments.
Uses best practices and knowledge of internal or external business issues to improve products or services
Acts as a resource for colleagues with less experience
Requires in-depth knowledge and experience
Decisions guided by policies, procedures and business plan
Generally domestic scope/accountability
Preferred Qualifications:
U.S. Citizen Required
Position is onsite Elkridge, MD.
Bachelor''s Degree in Computer Science, Information Systems, or related field.
Technical certifications such as ABCP, CFCP, CIPP, CISA, CISSP, FBCP, GCIH, GCFA, GCFW, GCWN, GSEC, SANS.
Basic understanding the following security domains with technical expertise in at least one:
Access Control Systems and Methodology
Telecommunications and Network Security
Business Continuity Planning and Disaster Recovery Planning
Security Management Practices
Security Architecture and Models
Law, Investigation, and Ethics
Application and Systems Development Security
Cryptography
Computer Operations Security
Physical Security
Relevant industry standards awareness / governmental regulations awareness
Disaster Recovery Domain
Basic understanding of the following Business Continuity domain areas with technical expertise in at least two:
Project Initiation and Management
Risk Evaluation and Control
Business Impact Analysis
Developing Business Continuity Strategies
Awareness and Training Programs
Exercising and Maintaining Business Continuity Plans
Public Relations and Crisis Coordination
Coordinating with External Agencies
Relevant industry standards awareness / governmental program awareness.