SAIC is looking for an Information Assurance Analyst to join our team supporting an important US government agency in the National Capital Region. This is an exciting opportunity to work with a team responsible for responding to IT auditors and helping to coordinate responses to annual audit findings impacting the security of the IT infrastructure. The Information Assurance Analyst will provide support to IT management in processing and analyzing audit findings and developing responses that address the core issues. Specifically, this job requires the following:
- Provide support, analysis, research, and advice on exceptionally complex problems and processes relating to IT Audit and IT infrastructure security.
- Correlate findings resulting from audits conducted using the Federal Information System Controls Audit Manual (FISCAM) to National Institute of Standards and Technology (NIST) security controls developed under the Federal Information Security Management Act (FISMA).
- Develop responses to auditors' Notification of Findings and Recommendations (NFR) to include risk assessments, corrective actions, and descriptions of risk-based decisions.
- Research and compile evidence in support of responses to security-related audits. Provide support for third-party audits performed by the OIG (annual financial statement and FISMA audits, penetration tests), other external regulatory agencies, and internal oversight elements.
- Process time-sensitive requests for “Provided by Client” information including artifacts, interviews, tests, demonstrations and walkthroughs. Coordinate each request with appropriate stakeholders to obtain the requested materials, review for quality and completeness, submit for conveyance to the auditors, and maintain detailed records as to what was requested and what was provided.
- Draft audit finding closure memos, responses to auditor reports (including the Annual FISMA audit report), and other audit-related documentation.
- Support the PM by providing information for status reports, status briefings, schedules, project plans, etc., both in written and oral form.
- Support and coach the more junior team members, perform quality reviews and oversight as needed, and help ensure that the team provides deliverables of impeccable quality.
EDUCATION & EXPERIENCE:
· Bachelor's degree with 5 years or Master's with 3 years of relevant IT Audit/Security experience in a technical environment with a variety of IT systems. At least five of those years of experience must be leading the support of IT audit responses.
· At least two (1) years' experience working for or directly supporting an Inspector General of a Federal agency.
· Security certification (current)
· Experience conducting IT Audits using FISCAM processes and procedures
· Demonstrated understanding of Office of Management and Budget (OMB) circulars A-123 and A-130, Federal Managers' Financial Integrity Act (FMFIA), and National Institute of Standards and Technology (NIST) Risk Management and Cybersecurity Frameworks
· Familiarity with Governance, Risk and Compliance (GRC) frameworks and tools, such as RSAM or CSAM, or experience with SA&A tools, such as Xacta.
· Ability to tailor information security processes and tools based on ever-evolving and changing landscapes, doctrine, and risk scenarios.
· Proficiency in performing work in a federal agency that has both FISMA and GAO compliance requirements.
· Fluency in both spoken and written English, including the ability to work with highly technical and specialized content. Must be able both to prepare and deliver such content, verbally and in writing, and to comprehend such content from others, in both spoken and written form.
· Ability to prepare deliverables with sufficient quality such that very few minor, or no, edits are required to be made prior to conveyance to the client.
· Quickly review the work products of others, employ your own knowledge of federal security doctrine, and ensure that timely and accurate feedback and recommended edits are delivered to the author(s). All work products should be ready for delivery to the client after only one review has been performed.
· Ability to work in a fast-paced environment
· Outstanding customer service skills
· Ability to document processes as needed.
· Proficiency in explaining complex policies and protocols in simple terms.
· Stay up-to-date on information technology trends and security standards.
· Excellent analytical thinking and problem-solving skills to assess potential risks and develop possible solutions.
Candidates for consideration must be eligible to obtain and maintain a Public Trust clearance.
DESIRED SKILLS: A solid understanding of IT security tools and concepts. A good working understanding of, and technical experience in, IT platforms such as Microsoft, Cisco, Oracle, etc. is also a plus.