Previous experience with Site Assistance Visits (SA - Vs) to ensure regulatory compliance with Command Cyber Operational Readiness Inspection (CCORI)Identify systems and assets that are not sufficiently assessed through automated scanning or routine, periodic assessments and recommend and/or conduct customized, manual assessments of systems as required to ensure proper evaluation for compliance. Track and maintain Post Inspection Finding Remediation and Plan of Actions and Milestones (POA&M) Sta... more details
Cybersecurity Audit Analyst
Job LocationUS-VA-McLean
Posted Date19 hours ago(6/26/2024 1:25 PM)
Job ID
5452
Clearance Requirement
Public Trust
Overview
Steampunk is looking for a Cybersecurity Audit Analyst to support a government client. The primary responsibilities for the position are to introduce changes to streamline the audit-related activities and ensure improved efficiency and performance levels across audited activities such as audit logging, policy enforcement, and training. Analytical tasks mainly involve verification, interpretation, and making accurate inferences, eliminating/overcoming the inefficiencies or shortcomings and to improve the current systems in practice. Support includes Financial Statements Audits, A-123, DHS, OIG, and Internal Audits. This requires an individual with customer service skills, and the ability to be flexible and adaptive to a fast-paced, fluid business environment. The candidate must also be able to communicate effectively and decisively with all levels of the organization and be able to solve practical problems as well as exercise sound judgement with regards to sensitive and confidential information.
Contributions
Previous experience with Site Assistance Visits (SAVs) to ensure regulatory compliance with Command Cyber Operational Readiness Inspection (CCORI)
Identify systems and assets that are not sufficiently assessed through automated scanning or routine, periodic assessments and recommend and/or conduct customized, manual assessments of systems as required to ensure proper evaluation for compliance
Track and maintain Post Inspection Finding Remediation and Plan of Actions and Milestones (POA&M) Status Report for all inspections internal self assessments and external agency requirements; to include POA&Ms are documented with the most up to date statuses for milestone completion.
Validate remediation of the findings or submit the artifacts/or POA&Ms to inspecting organization for approval.
Perform technical, operational, and non-technical evaluation areas including, internal and external network infrastructure, Domain Name System (DNS), internal network vulnerability scan, wireless and mobile security, , configuration reviews, database security, Voice over Internet Protocol (VoIP), Voice over Secure Internet Protocol (VoSIP), Video Teleconference (VTC), exchange services, different operating systems (specifically UNIX, Windows, Linux), web servers, compliance directives.
Serve as primary point of contact for all audit-related activities
Delegate audit response tasks to Audit Analysts
Ensure all system security documentation, processes, and procedures within scope are current, complete, and have the appropriate approvals.
Coordinate with the Privacy Division to ensure all privacy compliance documentation and requirements are current, complete, and have the appropriate approvals.
Participate in any audit activities including but not limited to interviews, documentation requests, artifact requests
Ensure system support staff and ISSOs to create the Mission Action Plan resulting from Notice of Finding and Recommendation.
Track and provide status updates on all milestones documented in the Mission Action Plan.
Provide milestone remediation documentation as required.
Respond to any requests for clarification/information from the internal audit team and various other stakeholders to include but not limited to program system teams/developers, senior executive staff, and personnel security personnel.
Qualifications
Required
Ability to hold a position of public trust with the US government.
Master's Degree and 3 years of relevant experience in policy analysis, government relations, or related fields, with a focus on data policy, technology policy, cybersecurity, AI ethics, compliance, etc.; OR
Bachelor's Degree and 5 years of relevant experience; OR
No degree and 9 years of relevant experience
Possesses at least one professional certification relevant to the technical service provided. Maintain a certification relevant to the product being deployed and/or maintained.
Applies extensive knowledge of a variety of the IA field’s concepts, practices, and procedures to ensure the secure integration and operation of all system.
Experience reviewing contractual documentation and service agreements a plus.
Extensive specialized knowledge of financial audit standards, system IA requirements and Privacy Act requirements.
Specialized knowledge and experience with the implementation of the NIST Special Publication (SP) 800 family of publications, particularly those associated with the Risk Management Framework.
Specialized knowledge and experience with evaluating system, network, or infrastructure security controls against requirements such as FISMA, FIPS, and NIST guidelines.
About steampunk
Steampunk is a Change Agent in the Federal contracting industry, bringing new thinking to clients in the Homeland, Federal Civilian, Health and DoD sectors. Through our Human-Centered delivery methodology, we are fundamentally changing the expectations our Federal clients have for true shared accountability in solving their toughest mission challenges. As an employee owned company, we focus on investing in our employees to enable them to do the greatest work of their careers – and rewarding them for outstanding contributions to our growth. If you want to learn more about our story, visit http://www.steampunk.com.
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. Steampunk participates in the E-Verify program.
Refer a Friend
Need help finding the right job?
We can recommend jobs specifically for you!Click here to get started.
Job Abstracts is an independent Job Search Engine. Job Abstracts is not an agent or representative and is not endorsed, sponsored or affiliated with any employer. Job Abstracts uses proprietary technology to keep the availability and accuracy of its job listings and their details. All trademarks, service marks, logos, domain names, and job descriptions are the property of their respective holder. Job Abstracts does not have its members apply for a job on the jobabstracts.com website. Additionally, Job Abstracts may provide a list of third-party job listings that may not be affiliated with any employer. Please make sure you understand and agree to the website's Terms & Conditions and Privacy Policies you are applying on as they may differ from ours and are not in our control.
We would like to take a second to Welcome You to Job Abstracts, the nation’s largest Pure Job Board. With over 3.1 million job listings from 15,000+ Companies & Organizations, we help job searchers find careers that match their interests. As an anonymous user, you have probably discovered how easy our system is to use. However, you have just scratched the surface of what we can offer.
We encourage you to Register so you can use our most powerful features: searching with multiple terms, setting up multiple locations, establishing favorite companies, and accessing your search history. If you find a job you like, you can apply directly for it, and then, keep notes on it. We will also keep a lookout for jobs that match your search terms and email you when we find something you may like.
You can register for free and the system is free to use. If you like our system so far, click on Register and unlock the power required by serious job searchers.
Any time you conduct a search, the system shows you job matches, ranked by their Relevance Score (RS).
The score is calculated by a proprietary algorithm that uses Intelligent Machine Learning.
The Relevance Score tells you how well the job opportunity matches your search term or terms.
When not logged in, the system is limited to one search term. Scores for single term matches are usually lower.
When you register, log in, and set up multiple terms prioritized by importance, the jobs found for you will receive a much higher Relevance Score.