DIGIT is seeking a SME FISMA Security Analyst to support the federal compliance and governance requirements for all systems supported by the Task Order. The purpose of this role is to assist the DIGIT Director of Enterprise Security in the management and execution of GSA IT Enterprise Security Management and IT Continuity Management Services. As a leading provider of advanced information technology solutions and professional services to U.S. federal government agencies, is the prime for a $807m task order in support of the General Services Administration (GSA) Office of Digital Infrastructure Technologies (IDT) DIGIT (Digital Innovation for GSA Infrastructure Technologies) task order driving digital transformation and delivering continuous improvement and business value to its customers. The team is comprised of the best-in-class technology partners to leverage forward-leaning technologies and best practices to transform GSA's IT capabilities and shift offerings to provide a more flexible service delivery model, completing the agency's shift to a fully digital experience along with its adoption of advanced, emerging technologies such as intelligent automation, artificial intelligence, and machine learning. RESPONSIBILITIES This position shall perform the following (to include but not limited to) activities:
- Provides technical support to divisions and branches developing security architecture and supporting design and implementation of information technology security systems
- Supports research of new security products and services and supports the rollout of enterprise security solutions that leverage single Department-wide license agreements with new or existing vendors and service providers
- Leads developing, implementing, and maintaining enterprise-wide information security capabilities
- Analyzes the enterprise business models and IT systems to determine security risks and risk management considerations
- Defines enterprise- and system-level security requirements
- Proposes technical solutions for systems and applications-level security architecture and design
- Develops security plans, policies and procedures
Qualifications:CONTRACT REQUIRED QUALIFICATIONS This following are REQUIRED for this position:
- Ability to obtain a Public Trust Clearance and ITILv4 Foundation Certification
- Possesses and applies a comprehensive knowledge across key tasks and high impact assignments.
- Functions as a security expert across multiple project assignments.
- Proven ability to work independently in a full and/or partial remote environment with limited supervision and may supervise/lead others.
- Possess the ability to communicate in both oral and written forms, demonstrating an ability to communicate effectively with all levels of staff as well as clients.
- Maintain standard working hours per the DIGIT contract and to be available for meetings, and other collaborative efforts during working hours.
- Demonstrated ability to apply comprehensive knowledge across key tasks and high impact assignments with the ability to use practical experience and training to determine how to accomplish tasks.
CONTRACT DESIRED QUALIFICATIONS The following are DESIRED for this position:
- CISSP, CISA, CISM, Security+ or other relevant security certifications
- Familiarity with CUI requirements for unclassified IT systems a plus
- Must have track record of competency in obtaining initial A&A and reauthorization
- Familiarity with Unclassified network administration, specifically with:
- Network infrastructure and security best practices
- Local Area Network administration and maintenance, including user control and VPN access
- Firewalls
- Mobile Device Management
- Identity and Authentication Services Management
- Comfortable with Windows operating systems
- Willingness and ability to independently take on a variety of IT Compliance tasks
- Linux operating systems experience
- Familiarity in the Google Suite (Gmail, Calendar, Chat, Meet, Docs, Slides, Sheets), Microsoft Office (Word, Excel, PowerPoint, Outlook), Slack, and ServiceNow.
EDUCATION AND EXPERIENCE The following are the education and experience required for this position:
- 10 - 15 years of experience and bachelor's degree or equivalent
- Minimum 3-5 years direct experience with supporting FISMA and Financial Audit Requirements
- Minimum 3-5 years of direct experience supporting cybersecurity compliance and implementing steps to mitigate threats
- Minimum 3-5 years direct experience with continuous monitoring security expertise to business units and key stakeholders
- Minimum 3-5 years of direct experience creating and delivering end user-related briefings, training, policy, and/or compliance updates
- Experience as a remote worker demonstrating time management and self-discipline with cultural change management and Agile mindset.
PHYSICAL REQUIREMENTS The physical demands described below are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is regularly required to do the following:
- If remote, maintain home workspace in a safe manner, free from safety hazards and in line with information security policies.
- Communicate verbally in person, over the phone or by video chat and clearly/succinctly in writing, primarily utilizing a keyboard.
- Appear on camera for meetings with co-workers and government partners via video chat and ensure the protection of proprietary company and customer information is consistent with the company's expectation of information security.
- Viewing computer screens and sitting for long periods of time.
- Travel is not required.
Clearance Level: No Clearance