IT Systems Compliance Analyst

Job Title:

IT Systems Compliance Analyst

Location: Remote

Duration: 6 Months

Project:
This position is responsible for monitoring our compliance programs for Infrastructure Services. This includes overseeing and evaluating government and commercial product and program regulations and requirements to promote and sustain organization integrity. The position is also responsible for identifying, defining, communicating, and managing the compliance program requirements and key performance indicators for government and commercial business.

• IT Systems Compliance Analysts are responsible for maturing the Compliance Program.
• Resource will interface with various audit and security personnel, providing policies, procedures, and device evidence required for specific platforms.
• Collaboration with technology owners on application of policies, procedures and audit requirements.
• Interpret policies and procedures for accuracy and technical sensibility.
• Manage documentation and evidence repositories for access during audit events (Automated Scans, Manual Scripting, etc.).
• Develop policies and procedures and ensure that the current procedures are updated with current information and available for review for compliance with CMS, ARS, HITRUS, SOC2, DISA policies, procedures, and standards.
• Ability to navigate the DOD DISA public-facing site to include the STIGS Document Library & the STIG Viewer application (xccdf).
• Participate in discussions with all levels of leadership to articulate current state of the program.
• Advise on mitigation and remediation strategies for any variances or ensure they are documented in a Corrective Action Plan (CAP).
• Perform hardware and software evaluations to maintain established baseline integrity.
• Provide evidence to assist with internal and external audits.
• Ensure self-inspection checklists are completed against policies, procedures, and evidence for compliance audits.
• Ensure self-inspection checklists are completed against defined infrastructure platform baselines.
• Gather evidentiary documentation to support audit findings from compliance audits periodically throughout the year.
• Ability to navigate a SQL relational database: clauses, expressions, predicates, queries, and statements.
• Working experience with excel.
• Other duties as assigned.

• Four or more years demonstrated proficiency and experience in design, implementation, administration, monitoring and troubleshooting technology.
• Knowledge of information security principles, including risk assessment and management, threat and vulnerability management, incident response and identity and access management
• Competent working in one or more environments highly integrated with an operating system.
• Extensive experience implementing and administering/managing technical solutions in major, large-scale system implementations.
• High critical thinking skills to evaluate alternatives and present solutions that are consistent with business objectives and strategy.
• Ability to manage tasks independently and take ownership of responsibilities.
• Ability to learn from mistakes and apply constructive feedback to improve performance.
• Ability to communicate technical information clearly and articulately.
• Ability to adapt to a rapidly changing environment.
• Proficient working with various audit infrastructure tools/technologies such as Nessus, ACAS, and Nexpose.
• Knowledge of audit and assessment activities and processes such as configuration management
• Strong team-oriented interpersonal skills with the ability to interface with a broad range of people and roles

• 3-5 years of related work experience or equivalent combination of transferable experience demonstrating proficiency and experience in design, implementation, monitoring and troubleshooting technology.

• Related Bachelor's degree in an IT related field or relevant work experience.

• Experience as a primary liaison between Infrastructure Service organizations, Audit and Security organizations.
• Managed requirements within simultaneous two-three audits.
• This position has some accountability to consult independently with operational areas and senior leadership across the Enterprise.
• Identifying, defining, communicating, and managing the compliance audit program requirements and performance indicators - such as security controls from NIST
  800-53 and DISA STIGs
• Certifications:
  
  Comptia Security Plus or CISSP.

Position is offered by a no fee…