The Information Security Analyst is part of the Granicus Security team, ensuring cohesive awareness of risk and of our risk reduction capabilities, and collaborating easily with other departments that support our Security Program. The analyst owns delivery of assigned security compliance projects in support of ongoing compliance programs and assists the team with other security and/or privacy compliance projects as assigned. Services should be performed in accordance with professional and department standards. Responsibilities include assessing the current adequacy of security strategy and controls for assigned systems, calculating the impact of potential adverse events, and facilitating risk mitigation planning and review sessions. This role assists with internal and third-party risk assessments.
What You’ll Do:
- Develop and support the maintenance of System Security Plans (SSP) and related security documentation for internal systems
- Prepare for, participate in, and support security certification and NIST-800-53 based compliance audits (FISMA, FedRAMP, 800-171, CMMC, etc.)
- Gather or coordinate the collection of necessary evidence
- Conduct NIST SP 800-53A assessments on internal systems through personnel interviews and documentation review, determine compliance with policies and procedures, recommend corrective actions, and prepare findings reports
- Create POA&Ms and track associated mitigation
- Review and process monthly vulnerability scan results for assigned systems and work with the technical teams to ensure vulnerabilities are resolved on time
- Track SLAs on audit and continuous monitoring findings
- Self-manage assigned projects, report status, issues, and recommendations for success
Skills & Requirements
Who You Are:
- You have a bachelor’s degree, preferably in Computer Networks and Cybersecurity or Computer Science (or equivalent)
- You have worked 3+ years with information security governance, compliance, and/or auditing, with at least 2 years of direct and/or related experience assessing information systems following NIST Special Publications, e.g. NIST 800-37, 800-53, 800-137, etc.
- You are familiar with a variety of IT technologies, architecture, concepts, best practices, and procedures, information security principles, standards, tools, and methodologies
- You are familiar with assessing commercial cloud environments
- You have a strong “accountant-like” mindset and attention to detail, ability to interface with all levels of personnel (system administrators, ISSO, Developers, etc.)
- You have proven problem-solving and analytical abilities, with the ability to prioritize large amounts of data
- You can effectively handle ambiguous, dynamic tasks and have the ability to switch focus in response to events and circumstances
- You can contribute to and/or author deliverables, e.g. System Security Plan (SSP), Security Assessment Report (SAR), Plan of Actions and Milestones (POA&M), and Security Impact Analysis (SIA)
- You are results-oriented with the ability to self-manage and work independently
- You have strong experience in Microsoft Word, Excel, and PowerPoint
Desired Characteristics:
- At least one of the following certifications: Security+, CAP, CISA, CISM, CISSP
- Understands and prioritizes work according to time and resource constraints
- Comfortable with presenting work to small audiences (10-20 people)
- Has strong presentation, verbal and written communication skills
- Able to operate effectively independently and in teams, making progress on tasks while dealing with potential process and project ambiguity
- Understands risk management concepts
- Maintains excellent organizational, planning, and time management skills
- Ability to work within and coordinate with other agile-based teams
- Experience with JIRA and Confluence is strongly desired
- Working knowledge and ability to submit non-complex database queries
- Experience with FedRAMP