Information Security Analyst Sr Adv/Information Systems Security Officer (TS/SCI with Poly Required)
GCI Incorporated · Virginia, United States · 4 mo ago
On-siteInformation TechnologyFull-time
Duties
- Performs audit log analysis, report generation and brief findings to Senior Management.
- In coordination with Senior Management, develops information system security policies, CONOPS, guides, etc.
- Captures security investigations of all suspected computer security violations, incidents, and compromises in accordance with GCI’s incident response program.
- Responsible for Information Assurance (IA) processes, procedures, and compliance for all assigned Information Systems (IS).
- Conducts security audits and ensures that audit trails are reviewed and audit records archived in accordance with GCI and Customer security requirements.
- Ensures IS are operated, used, maintained and disposed of appropriately in accordance with GCI and/or Customer security procedures, directives, guidelines, regulations, and policies.
- Develops and maintains system security documentation such as Security Plans, Security Operating Procedures, CONOPS, required policies and documentation to support system compliance for assigned security frameworks (e.g. NIST RMF/CSF, NISPOM, ICD Publications, CUI, CMMS) in coordination with the IAM (Information Assurance Manager) and Information System Security Manager (ISSM).
- Conducts periodic reviews, self-inspections, and/or assessments to ensure IS(s) meet Senior Management and customer security requirements as well as during A&A activities.
- Conducts user training and awareness activities under the direction of the company IAM, ISSM, or Customer Security.
- Participates in self-assessment of system safeguards and program elements and in assessment and authorization of the system.
- Serves as member of the Configuration Management Board for system(s) for which they are responsible.
- Captures approval from senior management and/or Customer Security representatives for the procurement of software, hardware, and firmware for use on assigned IS(s).
Qualifications
- Possess a working knowledge of industry best practices for Information Assurance as well as applicable information security documents such as ICD 503, Risk Management Framework (RMF), NISPOM, and NIST.
- Self-starter that is mission focused and able to work in a dynamic work environment with a diverse set of personalities.
- Strong documentation, analysis, and oral/written communications skills.
Required
- Security+ CE Certification
- 5 or more years of experience across System Administration or Network Administration/Engineering with at least 3 years supporting IA/INFOSEC
Desired
- CISSP Certification
- Network+ Certification
- IT Certifications from Microsoft, Linux, and/or Cisco
- ISC2-SSP (System Security Certified Practitioner)
- ISC2-CRGC (Governance, Risk and Compliance Certification)
- ISC2-ISSMP (Information Systems Security Management Professional)
Education
- Bachelor's or higher preferred.
Experience
- 5 years: Experience across System Administration or Network Administration/Engineering with at least 3 years supporting IA/INFOSEC
Location
- Reston, VA
Equal Opportunity Employer
- Individuals with Disabilities / Protected Veterans