Responsibilities:

Performs advanced information security analysis work. Researches, evaluates, and recommends security controls and procedures for the appropriate protection and reduction of risk for information resources. Work involves planning, implementing, and monitoring security measures for information systems and infrastructure to regulate access to information resources and to prevent unauthorized modification, destruction, or disclosure of information. Evaluates business objectives and advises business partners on the security and compliance requirements as well as the risks within various business initiatives. Develops, recommends and evaluates the implementation of plans designed to safeguard information systems and information resources against accidental or unauthorized modification, destruction, or disclosure for agency administered systems as well as third party administered systems. Develops, monitors, evaluates, and maintains system security plans and corrective action plans to ensure the protection of information systems and information resources from unauthorized users.  

Qualifications:

Required Skills/Experience:

Years     Skills/Experience

4              Experience in information technology, security risk and compliance management, assessment, auditing, research and/or consulting. 

4              Must have experience in performing information technology, security risk and compliance assessments for Federal systems. 

4              Experience in researching, authoring or supporting development of information security policies and standards. 

Preferred Skills/Experience:

2              Experience using or implementing an eGRC platform (e.g. RSA Archer) is desirable. 

2              Experience developing security and risk performance metrics and reporting dashboards for executive, business and technical audiences is highly desirable.