The Cybersecurity Audit Analyst provides support to the Indian Health Service (IHS) Division of Information Security (DIS). This position provides program level support in the tracking and remediation of noted deficiencies by coordinating with and responding to internal and external auditors.
ESSENTIAL DUTIES AND RESPONSIBILITIES
Essential duties and responsibilities include the following. Other duties may be assigned.
Responsible for the integration of CNI Core Competencies into daily functions, including: commitment to integrity, knowledge/quality of work, supporting financial goals of the company, initiative/motivation, cooperation/relationships, problem analysis/discretion, accomplishing goals through organization, positive oral/written communication skills, leadership abilities, commitment to Affirmative Action, reliability/dependability, flexibility and ownership/accountability of actions taken.
Assists in responding to requests for information from outside auditors. Implements a process and program to gather and track responsive information.
Implements an effective weakness remediation process, including reporting and oversight aligned with Federal, Department, and Agency policy. Creates a process to track and report remedial actions and Plans of Action and Milestones (POA&Ms) on a quarterly basis.
Monitors the POA&M process. Contacts system owners to confirm remediation projects are progressing as planned and notifies appropriate parties of upcoming deadlines.
Implements a POA&M tracking tool and ensures it is up-to-date.
Ensures that questions, concerns and issues are addressed and communicated appropriately and in a timely manner.
Researches information, policies and practices to appropriately respond to complicated customer related questions.
Assists in meeting mandates, directives, reporting, and other security-related processes with respect to Federal regulations such as FISMA; OMB Circular A-123; the Health Insurance Portability and Accountability Act (HIPAA); OMB mandates; Homeland Security Presidential Directives (HSPD); Federal Information Processing Standards (FIPS); NIST guidance implementation, oversight and compliance, including for example SP 800-53 Security Controls, SP 800-37 Certification and Accreditation (since superseded by the Risk Management Framework), and SP 800-30 Risk Assessments; HHS and Agency directives, guidance and reporting requirements; and industry best practices and guidance. This assignment will include significant research, evaluation, recommendation, and documentation development such as security assessment reports, methodologies, briefings, and presentations.
Drives regular audit updates within the department to ensure alignment to audit findings and best practices.
Responsible for aiding in own self-development by being available and receptive to all training made available by the company.
Plans daily activities within the guidelines of company policy, job description and supervisor’s instruction in such a way as to maximize personal output.
Responsible for keeping own immediate work area in a neat and orderly condition to ensure safety of self and co-workers. Will report any unsafe conditions and/or practices to the appropriate supervisor and human resources. Will immediately correct any unsafe conditions to the best of own ability.
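The POA&M duties above (tracking remedial actions, confirming progress with system owners, notifying on upcoming deadlines, and reporting quarterly) are the operational core of this role. The following is an added example of a minimal tracker that does that work over a set of POA&M records; it is not an IHS, DIS or CNI tool. The record layout, the status vocabulary (`Ongoing`, `Delayed`, `Completed`), the sample findings and the owner addresses are all constructed for illustration, and the only external fact it relies on is that the federal fiscal year begins on 1 October.

```python
"""Minimal POA&M tracker: flags overdue and upcoming milestones and
summarizes open weaknesses for a quarterly report.

Added example, not an agency or contractor tool. Record layout,
status vocabulary and sample data are constructed for illustration.
"""
from dataclasses import dataclass, field
from datetime import date, timedelta

# Assumed status vocabulary: anything else (e.g. "Completed") counts as closed.
OPEN_STATUSES = {"Ongoing", "Delayed"}

# Constructed sample POA&M entries (not real findings or real systems).
SAMPLE_POAMS = [
    {"id": "POAM-0001", "system": "EHR-Portal", "owner": "alice@example.gov",
     "weakness": "AC-2 account reviews not performed quarterly",
     "scheduled_completion": "2024-03-15", "status": "Ongoing"},
    {"id": "POAM-0002", "system": "EHR-Portal", "owner": "alice@example.gov",
     "weakness": "SI-2 patch backlog on database tier",
     "scheduled_completion": "2024-04-10", "status": "Ongoing"},
    {"id": "POAM-0003", "system": "Telehealth", "owner": "bob@example.gov",
     "weakness": "AU-6 log review not documented",
     "scheduled_completion": "2024-02-01", "status": "Completed"},
    {"id": "POAM-0004", "system": "Telehealth", "owner": "bob@example.gov",
     "weakness": "CM-6 baseline deviations unapproved",
     "scheduled_completion": "2024-05-30", "status": "Delayed"},
]


@dataclass
class PoamReport:
    as_of: date
    fiscal_quarter: str
    overdue: list = field(default_factory=list)      # (id, days_late)
    due_soon: list = field(default_factory=list)     # (id, days_remaining)
    by_status: dict = field(default_factory=dict)    # status -> count
    open_by_system: dict = field(default_factory=dict)  # system -> open count


def fiscal_quarter(d):
    """Federal fiscal year runs 1 Oct to 30 Sep, so Oct-Dec is Q1 of the next FY."""
    fy = d.year + 1 if d.month >= 10 else d.year
    q = ((d.month - 10) % 12) // 3 + 1
    return f"FY{fy} Q{q}"


def track_poams(poams, as_of, lookahead_days=30):
    """Classify each open POA&M as overdue, due within the lookahead window, or on track."""
    report = PoamReport(as_of=as_of, fiscal_quarter=fiscal_quarter(as_of))
    horizon = as_of + timedelta(days=lookahead_days)
    for p in poams:
        status = p["status"]
        report.by_status[status] = report.by_status.get(status, 0) + 1
        if status not in OPEN_STATUSES:
            continue  # closed items are counted but not chased
        system = p["system"]
        report.open_by_system[system] = report.open_by_system.get(system, 0) + 1
        due = date.fromisoformat(p["scheduled_completion"])
        if due < as_of:
            report.overdue.append((p["id"], (as_of - due).days))
        elif due <= horizon:
            report.due_soon.append((p["id"], (due - as_of).days))
    # Lead the report with the most overdue item and the soonest deadline.
    report.overdue.sort(key=lambda t: -t[1])
    report.due_soon.sort(key=lambda t: t[1])
    return report


def build_notifications(poams, report):
    """Group the items that need follow-up by system owner, ready to send."""
    owner_of = {p["id"]: p["owner"] for p in poams}
    notes = {}
    for pid, days in report.overdue:
        notes.setdefault(owner_of[pid], []).append(f"{pid} overdue by {days} days")
    for pid, days in report.due_soon:
        notes.setdefault(owner_of[pid], []).append(f"{pid} due in {days} days")
    return notes


if __name__ == "__main__":
    rpt = track_poams(SAMPLE_POAMS, date(2024, 4, 1))
    print(rpt.fiscal_quarter, rpt.by_status, rpt.open_by_system)
    for owner, lines in build_notifications(SAMPLE_POAMS, rpt).items():
        print(owner, lines)
```

Run against a real POA&M export, the `by_status` and `open_by_system` counts give the quarterly summary, while `build_notifications` yields the per-owner reminders the duties above call for; the lookahead window is the one parameter to tune to the agency's reporting cadence.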
EDUCATION / EXPERIENCE
Bachelor’s degree in a major field of study, such as computer science, and two (2) years of experience; or equivalent combination of education / experience. Experience in interpreting federal security guidance such as FISMA, FIPS, NIST Special Publications, OMB mandates, and other federal requirements. Experience with the federal Certification and Accreditation process, including conducting Security Test and Evaluation (ST&E) reviews, tracking progress, and defining POA&Ms.
CERTIFICATES / LICENSES / REGISTRATION
CISSP, SANS GIAC, Security+, Network+, Linux+, MCSE, CCNA or SSCP certifications preferred
JOB SPECIFIC KNOWLEDGE / SKILLS / ABILITIES
Familiar with OMB, FISMA, FIPS, HIPAA and other federal regulations and requirements associated with Information Security
Strong written and verbal communications skills with ability to prepare quality reports, presentations, summaries and analysis
Strong interpersonal skills applied to interactions with all levels of authority
Ability to read, analyze, develop and interpret common information systems security documents
Ability to present ideas in business-friendly and user-friendly language
Highly self-motivated and directed
Keen attention to detail
Team-oriented and skilled in working within a collaborative environment
Ability to calculate figures and amounts such as discount, interest, commission, proportions, percentages, area, circumference and volume. Ability to apply concepts of basic algebra and geometry.
Ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.
Ability to read, analyze, and interpret common and technical journals, financial reports, and legal documents. Ability to respond to common inquiries or complaints from customers, regulatory agencies, or members of the business community. Ability to write speeches and articles for publication that conform to prescribed styles and formats. Ability to effectively present information to top management, public groups, and / or boards of directors.
SPECIAL PHYSICAL DEMANDS
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this job. Work is primarily performed in an office environment. Regularly required to sit. Regularly required to use hands to finger, handle, or feel, and to reach with hands and arms to handle objects and operate tools, computers, and/or controls. Required to speak and hear. Occasionally required to stand, walk, stoop, kneel, crouch, or crawl. Must frequently lift and/or move up to 10 pounds and occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision, distance vision, depth perception, and ability to adjust focus. Exposed to general office noise from computers, printers, and light traffic.