Data Analyst/Assessor

Overview:

The CSIS Data Analyst/Assessor will support Diplomatic Security at the Department of State in the Office of the Chief Technology Officer (CTO). CTO is the primary IT group within the Bureau of Diplomatic Security, providing many web applications and other services used by Federal and local law enforcement officers worldwide.

Primary Responsibilities:

• Assessing systems for compliance for security controls throughout system development life cycle and continuous monitoring phase.
• Familiar with NIST Rev 4 and 5 security controls.
• Documenting security control implementation statements.
• The ability to create and comprehend topology and network diagrams.
• Demonstrated experience creating system continuous monitoring and contingency plans that identify critical mission and business functions and recovery processes and procedures.
• Work with application project teams and operations teams to complete RMF steps 1 through 3, as required for RMF steps 4,5 and, 6.
• Produce, develop, and maintain all required security documentation.
• Complete a weekly activity report.
• Provide recommendations and guidance for all non-compliant security controls.
• Responsible for knowledge of and assisting project teams and registering systems in iMatrix and Xacta.
• Request, gather, and comprehend evidence required to closeout open POAMS.
• Execution and knowledge of FISMA tasks consist of system authorization/reauthorization, Privacy Impact Assessments, system security categorization, and development of required security documentation required for DS application systems.
• Conduct comprehensive self-assessments consisting of automated and manual security assessments of the management, operational, and technical security controls. employed within or inherited by DS information systems to determine the overall effectiveness of the controls
• All other duties assigned.

Education and/or Experience:

• B.A and/or B.S.
• A minimum of five to seven (5-7) years of experience in performing system and application certifications and accreditations.
• Expert in the processes and documentation requirements for numerous C&A methodologies.
• CISM, CISSP, CAP and/or other equivalent certificates.
• Advanced practical experience in managing all phases of systems C&A activities ranging from early concept development to system retirement.
• Demonstrated experience supporting Government Agencies preferably DOS.
• Proficient or able to gain proficiency with a broad array of security software application and tools.
• Organized with attention to detail.
• Willing to learn.

Preferred:

• Certified Information Systems Security Professional (CISSP) and/or a Certified Information Systems Auditor (CISA)
• Prior server, networking, or application administrative, engineering or system architect experience.
• Experience working in a matrix organizational structure.
• Previous experience using Xacta, JIRA, and/or Service Now.
• Some knowledge of SDLC, project manage principles, and ITIL.
• Knowledge of the FAM and FAH Policies.

Certificates, Licenses, Registrations:

• CISM, CISSP, CAP and/or other equivalent certificates.

Security Clearance:

• Minimum Secret Clearance.

Physical Demands:

Must be able to physically and medically perform in a normal office environment.  While performing the duties of this job, the employee is required to be able to occasionally stand; walk; sit; use hands and/or fingers to handle, or feel objects, tools or controls; operate office equipment, reach with hands and arms; climb stairs; balance; stoop; kneel; talk or hear; taste or smell.  The employee must occasionally lift and or move up to 25 pounds.