The Mid Information Assurance Analyst is responsible for working across teams to evaluate packages for completeness and their readiness to undergo assessment, drive key aspects of continuous monitoring requirements, and contribute to continuous improvements within the FedRAMP program. This effort includes refining processes where needed to attain and maintain FedRAMP certification, leading related communications and enablement, and managing overall program governance and documentation.
Participate in rapid assessment teams to identify gaps, risks and remediations for information systems
Identify FedRAMP Boundary components in customer deployments
Coordinate with internal stakeholder engineering teams to demonstrate the implementation of security compliance controls for technical, management, and operational requirements
Perform vulnerability and compliance scanning, when necessary, to analyze results, provide assessments and reviews
Audit security controls to ensure compliance with cloud requirements and governance models
Support the development of technical material, operational processes, security policies, and other core documents
Manage compliance metrics
Manage and track Plans of Action and Milestones (POA&Ms)
Required skills and experience:
Experience writing technical documentation and knowledge of Cloud and Security concepts (including FIPS 199, NIST 800 Series REV 4, FISMA A&A, continuous monitoring, and POA&M management)
Experience with writing, editing, and/or managing a wide variety of IT security documentation and familiarity with federal IT standards such as Federal Information Security Management Act (FISMA)
Experience interviewing subject matter experts and using knowledge to develop, edit, and revise documentation including standard operating procedures, system security plans, and policies and procedures.
Experience with the production and/or editing of technical drawings using MS Visio or similar design tools.
Understanding of Third-party Assessment Organizations (3PAO)
FISMA (Federal Information Security Management Act)
NIST RMF (Risk Management Framework) Supporting Systems Security Assessment and Authorization (SA&A) for Federal Agencies
Privacy Impact Assessment (PIA)
Minimum 4 yrs experience and Bachelor’s degree in Computer Science, Information Technology or related discipline.
CISSP, CISA, CISM, GSNA, or similar cybersecurity or information security certification
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.