Information Security Analyst
DLH Corp - Silver Spring, MD
Employment Type : Full-Time
Overview: DLH Corporation serves federal government clients throughout the United States and abroad delivering technology enabled solutions in key health and human services programs. The Company's core competencies include secure data analytics and statistics, clinical trials and laboratory services, a full suite of public health research offerings, performance evaluation, system modernization, operational logistics and readiness, and strategic digital communications. DLH has over 2,000 employees serving numerous government agencies. DLH’s portfolio consists of Defense & Veteran Health Solutions, Human Services Solutions and Public Health & Life Sciences.
DLH is seeking an Information Security Control Assessor/Internal Auditor with extensive knowledge of the NIST SP 800-37 Risk Management Framework (RMF), NIST SP 800-53 Security and Privacy Controls, and NIST SP 800-30 Guide for Conducting Risk Assessments. This incumbent is responsible for assessing an organization's efficiency as measured by the level of its quality and risk management systems and its overall business practices against one or more FISMA, ISO 27001, CMMC, FedRAMP, HIPAA, SOX, and 21 CFR Part 11 Standards.
Responsibilities:
- Subject Matter Expert (SME) in interpreting NIST SP 800-53, 800-30, 800-37, 800-53A, 800-60, 800-115, 800-137, FIPS199 (and related OMB and NIST guidance).
- Create systems and applications security test plans and perform hands-on security testing leveraging adversarial tactics, analyzing test results and suggesting mitigation plans for security vulnerabilities.
- Develop, maintain, and oversee enterprise-wide information security documentation for information systems, consistent with applicable regulatory and compliance requirements including, but not limited to, FISMA, ISO 27001, CMMC, FedRAMP, HIPAA, SOX, and 21 CFR Part 11.
- Conduct system continuous monitoring activities, system and environment changes, ongoing assessments, ongoing risk response, authorization package updates, security and privacy reporting, ongoing authorization and system disposal.
- Provide hands on support during information security audits, whether performed internally or by third-party personnel. Provide support with investigation and mitigation in areas of risk or non-compliance.
- Support coordination efforts with internal IT control owners and external auditors on audit request, walkthroughs, testing and evaluation of deficiencies.
- Participate and support planning and execution aspects of various operational technology and cybersecurity audit projects.
- Develop risk and controls matrix leveraging leading industry frameworks and open-source technical guidance materials.
- Support planning and execution of select internal initiatives and advisory projects.
- Build subject matter expertise in industry areas and stay up to date on emerging regulatory and industry developments impacting major business process, risk, and controls areas
- Performs vulnerability/risk assessment analysis to support certification and accreditation.
Qualifications: SKILLS:
- A technical understanding of networking concepts, Active Directory, group policy objects, various operating systems, web applications, networking devices (routers, switches, firewalls, IDS and IPS), storage, databases, virtualization and cloud technologies.
- Detail-oriented and self-motivated.
- Excellent problem-solving and analytical skills.
- Strong written communication skills with experience creating security assessment plans, security assessment reports, and executive-level briefings.
- Ability to work in a highly collaborative team environment.
*
QUALIFICATIONS: *
- Demonstrated experience testing security controls of information systems and applications, identifying vulnerabilities and providing security remediation.
- Bachelor's degree in a computer-related field with a minimum of six years of relevant information security experience; can be substituted with a minimum of ten years of relevant information security experience.
- Professional information security certification preferred, such as CISSP, C|EH, Sec+, CAP.
Silver Spring or Durham preferred; open to all locations.
DLH is committed to fostering a diverse workforce and is proud to be an Affirmative Action/Equal Opportunity Employer of Minorities/Women/Protected Veterans/Individuals with Disabilities. All qualified applicants will receive consideration for employment without regard to race, creed, color, religion, sex, age, national origin, veteran status, disability, or any other classification protected by law.
Location: 8757 Georgia Avenue,12th Floor, Silver Spring, MD 20910
Job Type: Full-time