Jr Security Compliance Analyst

KEY RESPONSIBILITIES:

• ssess security controls based on NIST 800-53 standards.

• Conduct interviews, reviews, and testing to verify compliance.

• Proficient in developing and maintaining comprehensive security documentation, including:
o System Security Plans (SSPs),
o Security Assessment Report (SARs),
o Security Assessment Workbook (SAW) and
o Plan of Action & Milestones (POA&Ms)

• Support risk assessments and vulnerability analyses.

• Conduct system security control assessments for federal information systems, applications, and cloud environments

• Perform risk assessments and recommend actionable mitigation strategies to stakeholders.

• Create and update security documentation, including policies, procedures, and test plans.

• Collaborate with system owners, ISSOs, and IT teams to implement and document security requirements.

• Communicate findings, risks, and mitigation efforts to technical and non-technical stakeholders.

REQUIRED KNOWLEDGE & SKILLS:

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience).

• 3-5+ years of experience in security compliance, risk management, or related fields, with strong knowledge on NIST SP 800-53, CMS MARS-E 2.2,
FedRAMP, HIPAA, PCI, State RAMP, SOC 2 Type II, and other relevant industry and government cyber security compliance standards and frameworks

• bility to manage multiple tasks effectively while working independently and collaboratively.

ABILITIES:

• bility to conduct independent security control assessments for federal systems and cloud environments.

• Skilled in performing detailed risk assessments and providing actionable mitigation strategies.

• Strong written and verbal communication skills, capable of collaborating effectively with stakeholders, including system owners, ISSOs, and IT teams.

• Demonstrated ability to manage multiple tasks effectively, both independently and in a team environment.

• Strong problem-solving and analytical abilities to address complex security challenges.

FOLLOWING INDUSTRY STANDARD CERTIFICATIONS ARE PREFERRED BUT NOT REQUIRED:

• Certified Information Systems Security Professional (CISSP)

• Certified Information Security Manager (CISM)

• Certified Information Systems Auditor (CISA)

• Certified Cloud Security Professional (CCSP)