Corporate Information Security Analyst, Columbia, MD
Our client is seeking a Corporate Information Security Analyst for a direct hire opportunity in Columbia, MD.
The Corporate Information Security Analyst is responsible for monitoring, evaluating, and maintaining systems and procedures to protect networks, systems, and data from unauthorized uses. The incumbent identifies potential threats and responds to reported security violations, determines causes of security violations and recommends corrective actions to ensure data security. The Corporate Information Security Analyst also researches, recommends, and implements changes to procedures and systems to enhance data systems security, and assists in communicating security procedures to users. This is a matrix organization in which the Corporate Information Security Analyst usually reports indirectly to a first-line Project Manager from a program standpoint but will report into our client's Security Department. The incumbent will need to possess a strong knowledge of the principles, practices, and procedures related to information security, risk management, privacy, and IT governance, and apply it to the completion of meaningful and challenging assignments.
- Works under general supervision to plan and conduct security related assignments for one or more programs/customers.
- Responsible for authoring security artifacts and related documents necessary for a federal system to earn and keep its systems accreditation.
- Manage POA&Ms by creating and documenting new Corrective Action Plans (CAPs) and tracking them to completion.
- Trusted advisor to program manager and development team to ensure adherence to security architecture and development standards.
- Responsible for ensuring program level compliance with FISMA Controls (e.g., SP800-53).
- Act as one of several primary points of contact for the customer relative to matters of information security.
- Provide guidance to our Program Managers and Program Directors regarding internal security strategy.
- Help implement selected program components for our internal security department/posture as well.
- Information Security Domain expertise – Candidate must be very familiar with standard concepts, practices, and procedures within the information security and privacy domain.
- Requires experience working through the entire ATO process.
- Risk Management – Person must understand the total process of identifying, controlling, and mitigating uncertain events that may negatively affect system resources including risk analysis, cost-benefits analysis, selection, implementation and testing, security evaluation of safeguards, and overall security review.
- Federal Security Compliance – Must be fluent with FISMA, NIST SP800-53, and the Federal systems certification and accreditation process.
- Writing Skills – Individual must be experienced in authoring/maintaining security artifacts (e.g., SSP, ISRA/RA, CP, PIA, PTA, SORN, etc.).
- Interpersonal – Must demonstrate self-motivation with a strong ability to work in a multi-tasking, changing environment.
- Governance – Experience with major governance regulations (e.g., SOX, HIPAA, NISPOM, DITSCAP, COBIT, HITRUST, etc.).
- Industry Experience – Healthcare industry experience, with a particular emphasis on health payer solutions, electronic health records, behavior health, data analytics, claims adjudication, medical management, and fraud detection and prevention is critical.
- Customer Sensitivity – Experience working with and/or for Health focused Agencies of the Federal Government to include NIH, CDC, CMS, VA, SAMHSA. Experience working with DHHS specific protocols (e.g., BPSSM, RMH, XLS, TRA, etc.).
- Systems Development – Experience in full life cycle information technology solution implementation from conceptualization, requirements, design and specification through development (coding), integration testing and commissioning.
- Other – Strong technical design and communication skills.
Experience & Education:
- A Bachelor's Degree with 5 years of related professional experience; 9+ years of directly related professional experience may be substituted for the degree requirement.
- Professional Security Certification is required (e.g., CISSP, CISM, CISA, etc.).
- Only those individuals selected for an interview will be contacted.
- No calls, inquiries, or Third Party Vendors please.
- We are an equal opportunity employer (Unable to sponsor H1B Visas).
Since 1988, The ACI Group, a Baltimore-based IT staffing firm, has been committed to hiring the industry’s leading professionals, and presenting exciting career opportunities. We have access to varied types of contract, permanent and contract-to-perm positions and offer a choice of employment options including a full benefits package.