IT Systems Compliance Analyst
Spectraforce
Jacksonville, Florida
Remote
3 hours ago
Job Description
Job Title: IT Systems Compliance Analyst
Location: Remote
Duration: 6 Months
Job Description:
Project: This position is responsible for monitoring our compliance programs for Infrastructure Services. This includes overseeing and evaluating government and commercial product and program regulations and requirements to promote and sustain organization integrity. The position is also responsible for identifying, defining, communicating, and managing the compliance program requirements and key performance indicators for government and commercial business.
Description:
IT Systems Compliance Analyst are responsible for monitoring our compliance programs for Infrastructure Services. This includes overseeing and evaluating government and commercial product and program regulations and requirements to promote and sustain organization integrity. The position is also responsible for identifying, defining, communicating, and managing the compliance program requirements and key performance indicators for government and commercial business.
• IT Systems Compliance Analysts are responsible for maturing the Compliance Program.
• Resource will interface with various audit and security personnel, providing policies, procedures, and device evidence required for specific platforms.
• Collaboration with technology owners on application of policies, procedures and audit requirements
• Interpret policies and procedures for accuracy and technical sensibility.
• Manage documentation and evidence repositories for access during audit events (Automated Scans, Manual Scripting, etc.).
• Develop policies and procedures and ensure that the current procedures are updated with current information and available for review for compliance with CMS, ARS, HITRUS, SOC2, DISA policies, procedures, and standards.
• Ability to navigate the DOD DISA public-facing site to include the STIGS Document Library & the STIG Viewer application (xccdf).
• Participate in discussions with all levels of leadership to articulate current state of the program.
• Advise on mitigation and remediation strategies for any variances or ensure they are documented in a Corrective Action Plan (CAP).
• Perform hardware and software evaluations to maintain established baseline integrity.
• Provide evidence to assist with internal and external audits.
• Ensure self-inspection checklists are completed against policies, procedures, and evidence for compliance audits.
• Ensure self-inspection checklists are completed against defined infrastructure platform baselines.
• Gather evidentiary documentation to support audit findings from compliance audits periodically throughout the year.
• Ability to navigate a SQL relational database: clauses, expressions, predicates, queries, and statements.
• Working experience with excel
• Other duties as assigned.
Additional Required Qualifications:
• Four or more years demonstrated proficiency and experience in design, implementation, administration, monitoring and troubleshooting technology.
• Knowledge of information security principles, including risk assessment and management, threat and vulnerability management, incident response and identity and access management
• Competent working in one or more environments highly integrated with an operating system.
• Extensive experience implementing and administering/managing technical solutions in major, large-scale system implementations.
• High critical thinking skills to evaluate alternatives and present solutions that are consistent with business objectives and strategy.
• Ability to manage tasks independently and take ownership of responsibilities.
• Ability to learn from mistakes and apply constructive feedback to improve performance.
• Ability to communicate technical information clearly and articulately.
• Ability to adapt to a rapidly changing environment.
• Proficient working with various audit infrastructure tools/technologies such as Nessus, ACAS, and Nexpose.
• Knowledge of audit and assessment activities and processes such as configuration management
• Strong team-oriented interpersonal skills with the ability to interface with a broad range of people and roles
Requirements:
Top Three Required Skills:
1. Experience implementing and supporting the following Security Frameworks: NIST 800-53, DISA Security requirements, CIS, HITRUST, PCI for a major operating system or component such as FW, RHEL, Windows, DB, WEB in a large enterprise environment. Must be able to create/produce evidence for documentation purposes and provide analysis (not just data collection).
2. Familiarity with basic enterprise audits, including SOC2, FISMA, MAC ARS, DOD
3. Experience interfacing with internal and external auditors.
Required Experience:
•3-5 years of related work experience or equivalent combination of transferable experience demonstrating proficiency and experience in design, implementation, monitoring and troubleshooting technology
Required Education:
•Related Bachelor's degree in an IT related field or relevant work experience
Preferred:
1. Experience as a primary liaison between Infrastructure Service organizations, Audit and Security organizations.
2. Managed requirements within simultaneous two-three audits.
3. This position has some accountability to consult independently with operational areas and senior leadership across the Enterprise.
4. Identifying, defining, communicating, and managing the compliance audit program requirements and performance indicators. – such as security controls from NIST800-53 and DISA STIGs
5. Certifications: Comptia Security Plus or CISSP
Position is offered by a no fee agency.
Location : Remote
At SPECTRAFORCE, we are committed to maintaining a workplace that ensures fair compensation and wage transparency in adherence with all applicable state and local laws. This position’s starting pay is: $55.00/hr.
Location: Remote
Duration: 6 Months
Job Description:
Project: This position is responsible for monitoring our compliance programs for Infrastructure Services. This includes overseeing and evaluating government and commercial product and program regulations and requirements to promote and sustain organization integrity. The position is also responsible for identifying, defining, communicating, and managing the compliance program requirements and key performance indicators for government and commercial business.
Description:
IT Systems Compliance Analyst are responsible for monitoring our compliance programs for Infrastructure Services. This includes overseeing and evaluating government and commercial product and program regulations and requirements to promote and sustain organization integrity. The position is also responsible for identifying, defining, communicating, and managing the compliance program requirements and key performance indicators for government and commercial business.
• IT Systems Compliance Analysts are responsible for maturing the Compliance Program.
• Resource will interface with various audit and security personnel, providing policies, procedures, and device evidence required for specific platforms.
• Collaboration with technology owners on application of policies, procedures and audit requirements
• Interpret policies and procedures for accuracy and technical sensibility.
• Manage documentation and evidence repositories for access during audit events (Automated Scans, Manual Scripting, etc.).
• Develop policies and procedures and ensure that the current procedures are updated with current information and available for review for compliance with CMS, ARS, HITRUS, SOC2, DISA policies, procedures, and standards.
• Ability to navigate the DOD DISA public-facing site to include the STIGS Document Library & the STIG Viewer application (xccdf).
• Participate in discussions with all levels of leadership to articulate current state of the program.
• Advise on mitigation and remediation strategies for any variances or ensure they are documented in a Corrective Action Plan (CAP).
• Perform hardware and software evaluations to maintain established baseline integrity.
• Provide evidence to assist with internal and external audits.
• Ensure self-inspection checklists are completed against policies, procedures, and evidence for compliance audits.
• Ensure self-inspection checklists are completed against defined infrastructure platform baselines.
• Gather evidentiary documentation to support audit findings from compliance audits periodically throughout the year.
• Ability to navigate a SQL relational database: clauses, expressions, predicates, queries, and statements.
• Working experience with excel
• Other duties as assigned.
Additional Required Qualifications:
• Four or more years demonstrated proficiency and experience in design, implementation, administration, monitoring and troubleshooting technology.
• Knowledge of information security principles, including risk assessment and management, threat and vulnerability management, incident response and identity and access management
• Competent working in one or more environments highly integrated with an operating system.
• Extensive experience implementing and administering/managing technical solutions in major, large-scale system implementations.
• High critical thinking skills to evaluate alternatives and present solutions that are consistent with business objectives and strategy.
• Ability to manage tasks independently and take ownership of responsibilities.
• Ability to learn from mistakes and apply constructive feedback to improve performance.
• Ability to communicate technical information clearly and articulately.
• Ability to adapt to a rapidly changing environment.
• Proficient working with various audit infrastructure tools/technologies such as Nessus, ACAS, and Nexpose.
• Knowledge of audit and assessment activities and processes such as configuration management
• Strong team-oriented interpersonal skills with the ability to interface with a broad range of people and roles
Requirements:
Top Three Required Skills:
1. Experience implementing and supporting the following Security Frameworks: NIST 800-53, DISA Security requirements, CIS, HITRUST, PCI for a major operating system or component such as FW, RHEL, Windows, DB, WEB in a large enterprise environment. Must be able to create/produce evidence for documentation purposes and provide analysis (not just data collection).
2. Familiarity with basic enterprise audits, including SOC2, FISMA, MAC ARS, DOD
3. Experience interfacing with internal and external auditors.
Required Experience:
•3-5 years of related work experience or equivalent combination of transferable experience demonstrating proficiency and experience in design, implementation, monitoring and troubleshooting technology
Required Education:
•Related Bachelor's degree in an IT related field or relevant work experience
Preferred:
1. Experience as a primary liaison between Infrastructure Service organizations, Audit and Security organizations.
2. Managed requirements within simultaneous two-three audits.
3. This position has some accountability to consult independently with operational areas and senior leadership across the Enterprise.
4. Identifying, defining, communicating, and managing the compliance audit program requirements and performance indicators. – such as security controls from NIST800-53 and DISA STIGs
5. Certifications: Comptia Security Plus or CISSP
Position is offered by a no fee agency.
Location : Remote
Applicant Notices & Disclaimers
- For information on benefits, equal opportunity employment, and location-specific applicant notices, click here
At SPECTRAFORCE, we are committed to maintaining a workplace that ensures fair compensation and wage transparency in adherence with all applicable state and local laws. This position’s starting pay is: $55.00/hr.