
Job Information

Chickasaw Nation Industries CyberSecurity Assessment and Authorization Analyst - R6921-2603 in Norman, Oklahoma

This job was posted by https://okjobmatch.com. For more information, please see: https://okjobmatch.com/jobs/3178657

It's fun to work in a company where people truly BELIEVE in what they're doing!

We're committed to bringing passion and customer focus to the business.

SUMMARY

The CyberSecurity Assessment and Authorization Analyst provides support to the Department of Health and Human Services, Indian Health Service (IHS). This position is responsible for executing and assisting in the completion of security certifications and for providing support in the development and implementation of a program to manage all aspects of compliance with government regulations.

ESSENTIAL DUTIES AND RESPONSIBILITIES

Essential duties and responsibilities include the following. Other duties may be assigned.

Conducts annual security controls effectiveness testing. Documents findings and advises and monitors remediation efforts on all systems in accordance with established policy and procedures.

Conducts significant research, evaluation, recommendation, and documentation development such as security assessment reports, methodologies, briefings, and presentations.

Conducts information security audits/risk assessments on customer systems and network and documents in accordance with NIST, Risk Management Guide for Information Technology Systems.

Annually reviews and updates the security and contingency plan for each system in conjunction with security audits and makes recommendations to address deficiencies.

Assists system owners in developing security authorization packages that are fully compliant with National Institute of Standards and Technology (NIST) guidelines and organizationally defined standards.

Evaluates the implementation of security controls as required by NIST. Prepares security authorization packages using approved customer templates.

Assists in meeting mandates, directives, reporting, and other security-related processes with respect to Federal regulations such as FISMA; Health Insurance Portability and Accountability Act (HIPAA); Office of Management and Budget (OMB) mandates; Homeland Security Presidential Directives (HSPD); Federal Information Processing Standards (FIPS) and NIST guidance implementation, oversight, and compliance.

Reviews and updates risk assessments when significant changes occur to systems/network.

Ensures customer information and information systems are adequately protected from unauthorized access, use, disclosure, disruption, modification, or destruction. Briefs and provides documented results to staff. Briefs include, at a minimum, areas of conformance to directives, corrective recommendations for deficiencies, and POA&M explanations to correct deficiencies.

Analyzes major IT systems, from a security perspective, during the initial phases of system development and throughout the systems development lifecycle.

Reviews standard security configurations to assure compliance with federal directives and industry best practices.

Responsible for aiding in own self-development by being available and receptive to all training made available by the company.

Plans daily activities within the guidelines of company policy, job description and supervisor's instruction in such a way as to maximize personal output.

Responsible for keeping own immediate work area in a neat and orderly condition to ensure safety of self and co-workers. Will report any unsafe conditions and/or practices to the appropriate supervisor and human resources. Will immediately correct any unsafe conditions to the best of own ability.

CNI CORE COMPETENCIES

Responsible for the integration of CNI Core Competencies into daily functions, including: commitment to integrity, knowledge / quality of work, supporting financial goals of the company, initiative / motivation, cooperation / relationships, problem analysis / discretion, accomplishing goals through organization, positive oral / written communication skills, leadership abilities, commitment to Affirmative Action, reliability / dependability, flexibility and ownership / accountability of actions taken.

COMPLIANCE

Promotes and encourages a culture of compliance with all applicable rules (federal, state, local, Federal Acquisition Regulations, Code of Federal Regulations, Prime Contract requirements, etc.) for themselves and the company as a whole. Fosters an environment in which they will report any violations or reasonably suspected violation of CNI policy, FAR, and/or CFR and are comfortable discussing the myriad compliance, conflict, FAR, CFR, etc. issues that arise during the performance of a government contract.

EDUCATION/EXPERIENCE

Bachelor's degree in Computer Science or a related field of study and a minimum of eight (8) years' relevant experience, or equivalent combination of education / experience.

Must have at least eight (8) years of information security experience, with at least four (4) years of certification and accreditation (C&A) compliance / Security Assurance (SA) experience (NIST based).

CERTIFICATES, LICENSES, REGISTRATION

CAP, CISSP, CISM, CISA, SANS GIAC, Sec
