IT Compliance

The Specialist will develop, update, and maintain IT compliance documentation based on *** IT compliance standards. The individual will conduct regular reviews and assessments to coordinate *** System (Client) Enterprise Risk Management and Security Assurance for the *** (SAFR) reporting requirements. Responsibilities - Perform IT compliance, risk assessment, and mitigation. Provide business and technical expertise for compliance including impact level and vulnerability corrective action recommendations and follow-up. Develop, update, and maintain IT compliance documentation based on *** IT compliance standards. Conduct regular reviews and assessments to coordinate IT compliance testing and reporting requirements. Analyze IT compliance and risk related policies and standards.

Principal Accountabilities:
• Performing activities associated with the client information security framework. This includes assisting business lines completing security control self-assessments, preparing System Security Plan documentation, conducting analysis of security control deficiencies, and monitoring risk management activities. Providing status reports of progress.
• Optionally and skills dependent, candidate could participate in independent security controls testing activities such as technical scanning or management/operational reviews.
• Executing continuous monitoring activities, including recurring access reviews, and preparing security-related documentation.
• Assisting peers within the Information Security function with ad hoc risk assessments, such as software/hardware compliance reviews.

Knowledge and Experience:
• Working knowledge of NIST 800 series Special Publications, FISMA, or equivalent IT security programs. Background in information technology, information security, computer science, data analysis or equivalent preferred.
• Knowledge and experience with risk assessments, security plans, and test and evaluation activities.
• Ability to recommend corrective action plans.
• Ability to interpret security policies and standards and understand how they can be best applied within an organization.
• Good organization skills with the ability to exercise discretion and ingenuity to determine the proper course of action while following established standards.
• Ability to be innovative with resourcefulness and a strong drive for results.
• Strong communication skills to support team members within the Information Security function and business lines.
• Excellent written and verbal communication skills.

Other:
• Staff working within the Information Security function are expected to obtain an enhanced clearance (NACI level 2 or equivalent).

Quals--
Requirements - Working knowledge of NIST 800 series Special Publications and IT Security Program. Knowledge and experience normally acquired through, or equivalent to, the completion of a bachelor's degree and 3 - 5 years of job-related experience. Certification in related technical discipline desirable.