Information Security Analyst " NIST Compliance"
Delphi-US
- Richmond, VA
- Contract
- Full-time
The Security Control Assessor plays an integral role in ensuring that an organization's information systems are evaluated for security risks and vulnerabilities, aligning with established information security policy and standards. This position involves a thorough examination of security controls, policies, and procedures to identify any weaknesses that could potentially be exploited. Provides essential insights and recommendations to enhance the security posture of the organization.Supports the development of strategies to mitigate identified risks, ensuring the protection of sensitive information and the integrity of IT systems. Navigate the complex landscape of cybersecurity threats, maintaining compliance with SAFR requirements, and safeguarding assets.
Responsibilities:
- Conduct thorough evaluations of information security controls to identify potential threats and vulnerabilities to the Systems information systems.
- The process includes a detailed review of security controls, policies, and procedures to prioritize risks and recommend enhancements that support organizational security goals
- Reviews data and assists in advising districts on best practices and how to implement the necessary changes to address their business and information security needs.
- Key participant in project development surrounding new processes and the integrating of new processes with existing ones. Assists in developing communications of these changes to impacted clients and other resources.
- Performs other related duties as assigned.
- Will require the use of standard office equipment such as computers, phones, photocopiers, etc.
- Physical Demands: Requires some degree of sitting (for prolonged periods of time), standing, lifting carrying, pushing, pulling less than 20 lbs.
May require extended work hours. The ideal candidate will work a hybrid schedule and be in a district office two days a week. Occasional travel including overnight stays may be necessary.
Required Qualifications:
- Bachelor's degree in computer science, Information Security, or equivalent experience with 3 to 5+ years of relevant work experience
- Proven experience with conducting security assessments
- Knowledge of compliance frameworks and continuous authorization processes. Prefer NIST SP800-37, SP800-53/53a.
- Excellent communication skills and the ability to work collaboratively.
- Reviewing data and advising customers on SAFR requirements and best practices
- Building strong collaboration and negotiation relationships
- Poses creativity, attention to detail
- Understands and applies the risk management discipline in decision making and contributes to the functional area's risk management
- Certifications such as CISSP, CISA, CISM.
- Experience in a policy and assurance or quasi-governmental environment
- Familiarity with cloud service providers and associated security challenges
- Knowledge of SAFR lifecycle compliance and testing
- The candidate must possess skills that include experience with:
- Reviewing data and advising customers on SAFR requirements and best practices
- Building strong interpersonal collaboration, negotiation, creativity, attention to detail, and communication relationships
Delphi-US is a national recruiting firm based in Newport, Rhode Island. We specialize in IT, Engineering and Professional Staffing services for premier corporations and a multitude of industries across the United States. We are the Peacemakers In The Talent War - bringing the best and brightest talent to Employers of Choice, enabling critical project success, fostering progressive employment relationships, and promoting competitive advantages for our Clients and the Talent Marketplace we serve. Delphi accomplishes this with a proprietary skill-based and cultural matching process that results in higher qualified submissions along with increased interviews and offer rates. You'll find our team is highly experienced, friendly, professional and ready to advocate on your behalf, armed with industry trends, and an understanding of employer expectations.