System Authorization Analyst
The System Authorization Analyst requires specialized experience in security authorization following NIST guidelines, process analysis and redesign, performance measurement and management, strategy, risk management, and security operations. She/he must have a minimum of four years of experience consulting or implementing security activities that cover most aspects of security described below and must have attained and maintained a certification from an internationally accepted accrediting source such as ISC2 or ISACA. Requires a Bachelor’s degree (engineering, math, or science degree preferred) and 8 years of general experience. Provides computer engineering and computer systems analysis of computer systems.
The individual will provide System Assessment and Authorization (SA&A) support services, including conducting independent assessments, assisting in the development of required security documentation, and the preparation, review, and briefing of completed authorization packages for FISMA reportable systems. This will include the documents that comprise a full System Authorization (initial) or Re-Authorization based on the current NIST guidelines – NIST SP 800-37, 800-53, and 800-53A. The individual must be capable of independently developing SA&A packages and executing the associated tasks required in support of their development through independent assessment/ISSO support services. The individual will conduct annual reviews and make updates to the system documentation as required.
The individual will provide Independent Assessment Services:
- Assess system security controls as documented in the SSP.
- Conduct a risk assessment based on findings of the security controls assessment.
- Develop the Security Assessment Report (SAR).
- Develop the Risk Assessment Report (RAR).
- Document the POA&Ms.
This is a highly visible position interacting at the CISO and/or ISSPM level for a major government agency. Communication and writing skills are of paramount importance, and the ability to work independently of supervision is critical.
Experience with Cyber Security Assessment Management (CSAM) is a plus.