FISMA Information Assurance Analyst
Location: Washington, DC
Duties:

- Interact with clients and other external sources for the purpose of obtaining relevant information and documents
- Provide technical support for the process of verification and testing of existing security controls and safeguards
- Support for the resolution of existing SCAP items, including technical implementation, verification, testing, and documentation
- Provide technical support and input to support the completion of a modified NIST 800-26 risk assessment and infrastructure review of existing security controls.
- Provide technical expertise to support the initiation of the implementation of safeguards and performance of the required FIPS 199, FIPS 200, NIST 800-26, NIST 800-53, and NIST 800-37 including verification testing and documentation suitable for IG audit and reviews.
- Technically support the performance of three FISMA 2007/2008 quarterly reviews and annual assessments in accordance with Public Law 107-347 (Title III) Federal Information Security Management Act of 2002.
Qualifications:

- Verification and testing of existing security controls and safeguards
- Resolution of existing SCAP items, including implementation, verification, testing, and documentation
- Completion of a modified NIST 800-26 risk assessment and infrastructure review of existing security controls.
- Preparation and submittal of other documentation as required by FISMA guidelines.
- Initiation of the implementation of safeguards and performance of the required FIPS 199, FIPS 200, NIST 800-26, NIST 800-53, and NIST 800-37 including verification testing and documentation suitable for IG audit and reviews.
- Perform three FISMA 2007/2008 quarterly reviews and annual assessments in accordance with Public Law 107-347 (Title III) Federal Information Security Management Act of 2002.
- Prepare and provide briefings to senior management outlining the current state of existing security controls and safeguards, confirming effort estimates and scope for additional project phases, and providing progress reports.
- Provide recommendations for resolving the existing SCAP items
- Ensure that the risk assessment and infrastructure review of existing security controls to identify the available safeguards is completed, implement the safeguards, and perform the required FIPS 199, FIPS 200, NIST 800-26, NIST 800-53, NIST 800-37 verification testing and documentation suitable for IG audit and reviews.
- Experience with relevant federal (e.g., FISMA, FISCAM, DITSCAP, Privacy Act, HIPAA), NIST 800 Series, OMB, and FIPS information technology security regulations, policies and procedures
- Knowledge of Sarbanes-Oxley Section 404 and/or OMB Circular A-123 documentation, testing and reporting requirements
- CISSP, CISM, CISA preferred
- Bachelor of Science/Business Administration with a concentration in Math, Computer Science, Information Systems, Finance, Accounting or Business Administration; Master's in Accounting or Information Systems, or MBA a plus
Clearance Required:
Applicants selected will be subject to a security investigation and must meet eligibility requirements for
access to classified information. The successful candidates must have a minimum current Top Secret
Clearance.