Junior Infosec Compliance Analyst

GCR Professional Services, Cambridge, MA

$70 - $75 / hour

Overview

Compensation
$70-$75/hour

Job Description

Junior INFOSEC Compliance Analyst

Contract 9/80 Schedule 6-12+ months

US Citizen, Security Clearance is a plus

This role is onsite hybrid, with a pay rate range of $70-$75 per hour.

Job Profile Summary

The INFOSEC Compliance Analyst is responsible for ensuring compliance with industry regulations, laws, and internal policies. They assess and analyze the organization's processes, policies, and procedures to ensure that they are in line with the relevant standards and regulations.

Duties/Responsibilities

• Responsible for the implementation of Client's Governance Risk and Compliance (GRC) technology tool.
• Development and oversight of system security plans (SSPs) for systems/databases that contain, or will contain, CUI. This includes being liaison to engineers/corporate staff as key stakeholders relative to ownership of the SSPs.
• Support approved marketplace solutions (cloud & on premises) relative to cyber solutions and information technology platforms.
• Review of Client's supply chain cyber questionnaires and follow-up with vendors/contractors, ensuring that Client's controlled unclassified information (CUI) is protected within those vendors'/contractors' computing environments.
• Assist in corporate policy development, documentation, and socialization to ensure adherence to such policies, including refresh/overhaul relative to such policies.
• Drafting and implementation of procedures and standards pertaining to enterprise policies.
• Documenting information security control artifacts and follow-up of plan of actions and milestones (PoAM) items to ensure compliance with various regulations, with particular focus on CUI.
• Identifier of risk relative to information/cyber risk, and measures regarding minimization of such risks.
• Performs other duties as assigned.

Skills/Abilities

• Technical and functional experience in domain of Governance, Audit, Risk Management and Regulatory Compliance.
• Knowledge of the following frameworks/compliance regimes: NIST, CMMC and FedRAMP compliance.
• Understands risk assessment methodologies, frameworks, and procedures and the ability to work flexibly with them to meet organizational size, maturity, and culture consideration.
• Able to learn and work on new domains and technology.
• Knowledge of CUI and the control sets and documentation necessary for adherence to CUI management and safekeeping.
• Ability to think strategically about security risks and tie those to tactical organizational activities and goals.
• Ability to plan, research, and develop security policies, standards, and procedures.
• Ability to clearly articulate issues and communicate in an effective and personable manner.
• Able to build a network of relationships across functions and to inform and liaise with senior management.
• Ability to develop relationships with the Federally Funded Research and Development (FFRDC) organizations.
• Processes development and implementation and standards expertise with insights into engineering models and tools.
• Familiar with NIST 800-171, 800-153, and CMMC frameworks and DFARS regulatory requirements.

L311 Education

Bachelor's Degree or equivalent combination of education and experience in Information Security, Computer Science, Management Information Systems, or related curriculum.

Experience

3-5 years of experience in Compliance and Risk Management. Onsite preferred. Possible hybrid work. Cambridge/Reston. Clearance preferred but not required.
