IT Compliance Analyst

Client Solution Architects (CSA) is seeking an IT Compliance Analyst to join our growing company in support of our Navy client onsite at our Pensacola, FL location. We are looking for someone to provide support utilizing the RMF Process Guide (Security Plan Approval, Security Assessment Plan (SAP) Approval, System Assessment Report (SAR) Approval, Security Assessment Package Approval, and Continuous Monitoring) for several ATO packages. Job Type: Full-time. How Role Will Make An Impact This person will provide package support per Naval Education and Training Commands continuous monitoring guidance. Establish periodic meetings/Meet with NETC Cyber RMF Team to discuss RMF timelines, tasks, and deliverables. Maintain eMASS Record. Maintain Key artifacts (Package hardware/software lists, diagrams, etc.). Maintain other artifacts required by RMF/eMASS (Categorization Form, Contingency Plan (CP), Disaster Recovery Plan (DRP), Incident Response Plan (IRP), Vulnerability and Patch Management Plan, Privacy Impact Assessment (PIA), System Level Continuous Monitoring (SLCM) Strategy). Ensure monthly scans are conducted per SCA Testing Guidance. Ensure all assets in Hardware are scanned and credentialed. Process scans utilizing the eMASSter tool. Ensure all applicable STIGS are conducted for all assets in the Hardware List. Ensure all quarterly updated applicable STIGs from DISA website are implemented. Review findings and associate each with applicable affected security control. Update POAM items (See POAM Section). Web Risk Assessment (WRA) Scan (if applicable). ATO Modifications (Use Case). Requirements Clearance: Must possess and maintain an active Secret Clearance and be able to meet security investigation and eligibility requirements for access to classified information. Minimum Education: High School Diploma or equivalent. Three (3) or more years of experience executing the NIST Risk Management Framework (RMF) and/or the DoD Information Assurance baseline certification at IAM Level I or a higher-level certification is required. Acceptable certifications include Security+ CE, CAP, CND, GSLC, Cloud+, and HCISPP. IA Contractor Training and Certification and Computing Environment (CE) certification may be required at the task order level. Assurance Certification and Accreditation Program (DIACAP). Supporting the security Assessment and Authorization/ATO process. Experience with reviewing, comprehending and documenting findings from ACAS (Assured Compliance Assessment Solution) Reports. Experience with SCAP (Security Content Automation Protocol). Experience with DoD Architecture Framework (DoDAF) standards and assessments of enterprise information security architecture, processes, procedures, activities, and operations. Experience with performing cyber security risk assessments and identifying, verifying, and consolidating specific vulnerabilities, causes, analysis of alternatives and identifying appropriate corrective actions from each risk assessment conducted. Experience with evaluation of Security Technical Implementation Guides (STIGs) to determine applicability to systems and assets. Functional expertise with Microsoft Office suite of products, including Word, Excel, PowerPoint, Visio, and Project. What Sets You Apart BA or BS degree from an accredited institution in a related field (e.g., Management Information Systems, Information Technology, Computer Science, Math, Business, Engineering, or Physical Science). Prior experience with DoD Information Assurance Certification and Accreditation Program (DIACAP). IT project management experience supporting Navy or DoD network systems. Excellent oral and written communication skills, including drafting, reviewing, and editing technical graphs, briefs, or documents. Evidence of being detail oriented with strong critical thinking in areas of IT process analysis / process improvement. Possesses good team skills having the ability to coordinate and work well with others. Working knowledge of Microsoft Visio, including the ability to create and maintain detailed diagrams and workflow visualizations in support of operational and technical requirements. Physical Requirements Sit for extended periods of time and work at a computer workstation. Use hands and fingers to operate keyboards, mice, and other input devices. Communicate effectively, both verbally and in writing. Specific vision abilities required may include close vision, distance vision, depth perception, and the ability to adjust. Stand, walk, bend, or reach; access equipment located in data centers, offices, or under desks. Lift and/or move equipment weighing up to 25 pounds. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions, in accordance with the Americans with Disabilities Act (ADA). #J-18808-Ljbffr