Job Abstract

Job ID

5440

Clearance Requirement

Public Trust

Steampunk is looking for a Cybersecurity Audit Program Modernization Analyst to support a government client. The primary responsibilities for the position are to introduce changes to streamline the audit-related activities and ensure improved efficiency and performance levels across audited activities such as audit logging, policy enforcement, and training. Analytical tasks mainly involve verification, interpretation, and making accurate inferences, eliminating/overcoming the inefficiencies or shortcomings and to improve the current systems in practice. Support includes Financial Statements Audits, A-123, DHS, OIG, and Internal Audits. This requires an individual with customer service skills, and the ability to be flexible and adaptive to a fast-paced, fluid business environment. The candidate must also be able to communicate effectively and decisively with all levels of the organization and be able to solve practical problems as well as exercise sound judgement with regards to sensitive and confidential information.

• Previous experience with Site Assistance Visits (SAVs) to ensure regulatory compliance with Command Cyber Operational Readiness Inspection (CCORI)
• Identify systems and assets that are not sufficiently assessed through automated scanning or routine, periodic assessments and recommend and/or conduct customized, manual assessments of systems as required to ensure proper evaluation for compliance
• Track and maintain Post Inspection Finding Remediation and Plan of Actions and Milestones (POA&M) Status Report for all inspections internal self assessments and external agency requirements; to include POA&Ms are documented with the most up to date statuses for milestone completion.
• Validate remediation of the findings or submit the artifacts/or POA&Ms to inspecting organization for approval.
• Perform technical, operational, and non-technical evaluation areas including, internal and external network infrastructure, Domain Name System (DNS), internal network vulnerability scan, wireless and mobile security, , configuration reviews, database security, Voice over Internet Protocol (VoIP), Voice over Secure Internet Protocol (VoSIP), Video Teleconference (VTC), exchange services, different operating systems (specifically UNIX, Windows, Linux), web servers, compliance directives.
• Serve as primary point of contact for all audit-related activities
• Delegate audit response tasks to Audit Analysts
• Ensure all system security documentation, processes, and procedures within scope are current, complete, and have the appropriate approvals.
• Coordinate with the Privacy Division to ensure all privacy compliance documentation and requirements are current, complete, and have the appropriate approvals.
• Participate in any audit activities including but not limited to interviews, documentation requests, artifact requests
• Ensure system support staff and ISSOs to create the Mission Action Plan resulting from Notice of Finding and Recommendation.
• Track and provide status updates on all milestones documented in the Mission Action Plan.
• Provide milestone remediation documentation as required.
• Respond to any requests for clarification/information from the internal audit team and various other stakeholders to include but not limited to program system teams/developers, senior executive staff, and personnel security personnel.

Required

• US Citizen Only
• Ability to hold a position of public trust with the US government.
• Master's Degree and 3 years of relevant experience in policy analysis, government relations, or related fields, with a focus on data policy, technology policy, cybersecurity, AI ethics, compliance, etc.; OR
  • Bachelor's Degree and 5 years of relevant experience; OR
  • No degree and 9 years of relevant experience
• Possesses at least one professional certification relevant to the technical service provided. Maintain a certification relevant to the product being deployed and/or maintained.
• Applies extensive knowledge of a variety of the IA field’s concepts, practices, and procedures to ensure the secure integration and operation of all system.
• Experience reviewing contractual documentation and service agreements a plus.
• Extensive specialized knowledge of financial audit standards, system IA requirements and Privacy Act requirements.
• Specialized knowledge and experience with the implementation of the NIST Special Publication (SP) 800 family of publications, particularly those associated with the Risk Management Framework.
• Specialized knowledge and experience with evaluating system, network, or infrastructure security controls against requirements such as FISMA, FIPS, and NIST guidelines.

Steampunk is a Change Agent in the Federal contracting industry, bringing new thinking to clients in the Homeland, Federal Civilian, Health and DoD sectors. Through our Human-Centered delivery methodology, we are fundamentally changing the expectations our Federal clients have for true shared accountability in solving their toughest mission challenges. As an employee owned company, we focus on investing in our employees to enable them to do the greatest work of their careers – and rewarding them for outstanding contributions to our growth. If you want to learn more about our story, visit http://www.steampunk.com.

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. Steampunk participates in the E-Verify program.