Senior Information Security Analyst
About the role
The Senior Information Security Analyst will support the Environmental Protection Agency (EPA) in developing and maturing an Agency-wide information security program. This role is part of a dynamic team dedicated to supporting Federal programs that serve U.S. citizens.
Responsibilities
- Advising senior-level stakeholders on InfoSec initiatives including compliance, awareness and training, and security operations.
- Leveraging the GRC tool, Telos Xacta (or an alternate like CSAM or RSA Archer), to track and reconcile findings from assessments, audits, and vulnerability scans.
- Coordinating government data calls (FISMA, FMFIA, BDR, etc.) and monthly reports.
- Assessing the effectiveness of the InfoSec and privacy training program and leading the collection, analysis, and presentation of enterprise-level InfoSec performance metrics.
- Managing InfoSec Program POA&Ms, including advising on remediation efforts.
- Working closely with senior agency security officials, system owners, information system security officers (ISSOs) and other stakeholders to advise and implement security solutions.
- Identifying opportunities for efficiencies in work processes and innovative approaches.
- Participating in team problem-solving efforts and offering ideas to solve client issues.
- Conducting relevant research, data analysis, and developing reports.
- Preparing and assisting in the development of policy and procedures.
- Implementing processes and procedures to monitor risk across programs/projects.
- Preparing briefings to the executive team to debrief the results of studies, analyses, and plans.
- Assisting the client leadership in reviewing monthly project progress, documenting issues, and monitoring resolution.
Requirements
- Ability to obtain a Public Trust.
- Bachelor’s degree in information technology or related field and 8 years of relevant IA experience. May substitute security certification (e.g. CISSP) for 2 years of experience.
- 3+ years in a leadership role.
- Strong data analysis skills.
- Excellent written and verbal communication skills.
- Possess in-depth knowledge of applying, selecting and testing the NIST 800-53 Rev 4 security controls.
- Possess in-depth knowledge of NIST 800-37 Risk Management Framework.
- Experience with a Governance, Risk and Compliance tool (e.g., Xacta, RSA Archer, CSAM or eMASS).
- Excellent attention to detail.
- Able to handle and prioritize multiple tasks and deadlines.
Qualifications
- Advanced level cybersecurity certification (e.g., CompTIA CISM, ISC2 CISSP) is desired.
- In-depth knowledge of applying, selecting and testing the NIST 800-53 Rev 5 security controls is desired.
Skills
Desired skills include advanced level cybersecurity certifications and in-depth knowledge of NIST 800-53 Rev 5 security controls.
Benefits
The EPA Office of Information Security and Privacy (OISP) is responsible for developing and maintaining agency-wide information security and privacy programs; developing and maintaining information security and privacy policies, procedures, and control techniques; training personnel with significant information security responsibilities and assisting senior agency officials with information security and privacy responsibilities.
Pay
The posted salary range is a good-faith estimate. Actual compensation will be based on the selected candidate’s qualifications, experience, skills, and other job-related factors. DSA - Salary Pay Range $105,000 - $115,000 USD.
Schedule
This is a full-time position supporting a customer in the DC Metro area with a HYBRID Schedule. Core work hours dedicated to DSA and our direct customers are 8 am est to 5 pm est.