IT Risk Management Analyst / Security Control Analyst

US-CO-Fort Collins
ID: 2017-5873

Overview

ASRC Federal Vistronix is actively seeking an IT Risk Management Analyst to join our team.  The selected candidate will support a government client in Fort Collins, CO as a key member of a program support team for an enterprise-level software development initiative.

 

Would you like to be part of a dynamic team of dedicated software professionals?  Are you concerned about protecting our Nation’s natural resources?  We need people who are committed to action.  People who want to apply their education and experience to make sure that all of us enjoy the benefits of productive soil, clean water, clean air, and abundant wildlife that come from a healthy environment.

 

Natural resource conservation is an effort of Federal and State agencies, universities, and professional societies to deliver science-based information to land owners.  Join us to build the technology to help people understand, preserve and increase the productivity of our natural resources.

 

Responsibilities


This position requires knowledge of effective and efficient management of IT risk and controls, to ensure that regulatory and compliance requirements are met throughout the Software Development Life Cycle (SDLC).  The candidate will be responsible for:

  • Developing and nurturing trusted relationships with the IT Project Managers who are responsible for NRCS applications
  • Performing interviews, walkthroughs and risk assessments for key controls on new and existing applications throughout the SDLC to ensure that IT regulatory requirements are being effectively met (i.e., designed, tested and deployed)
  • Ensuring that existing controls are accurately documented in procedures and Application Security Profiles (ASPs), with current evidence of effective operation
  • Documenting Privacy Impact Assessments (PIAs) for web applications
  • Cultivating respect and trust from Security, Privacy and Compliance team members with regard to compliance strategies and remediation of findings
  • Conducting periodic interim risk assessments with IT Project Managers
  • Understanding the broad regulatory landscape affecting IT Security and Privacy and remaining current with emerging regulatory requirements (e.g., Revision 4 of NIST SP 800-53) as well as the current solution trends in the marketplace

Qualifications

 

Education and Experience:  

  • Bachelor’s degree (computer science or related)
  • 5+ years of business-related experience
  • 4+ years in Technology Risk, IT Audit, and/or Information Security, including the assessment of applications against regulatory requirements, for new software development projects and existing applications that are in the maintenance phase of their lifecycle
  • Active Certified Information Systems Auditor (CISA) certification desired, with CIPP/G certification also desired

 

Required Skills and Competencies:

  • Strong communication, interpersonal and organizational skills, including the ability to write in clear, concise language
  • Ability to multi-task, work both independently and as part of a team in a dynamic, fast-paced work environment
  • Familiarity with government systems and operations – prior government work experience (contractor or federal) preferred
  • Proficiency with MS Office Suite, including Word, Excel and PowerPoint
  • Experience with using MS Project and VISIO

 

Desired Skills:

  • Understanding of application of security controls as defined in NIST SP 800-53
  • Understanding of privacy requirements (i.e., the Privacy Act of 1974)
  • Able to apply sound judgment, pragmatic thinking and tact in complex projects
  • Experience with enterprise-level IT Risk Management and/or IT Audit functions
  • Excellent communicator with strong client relationship focus when working with IT Project Managers, enterprise architects, and information security engineers to articulate options to mitigate risk
  • Active Project Management Professional (CAPM or PMP) certification preferred

 

The successful candidate is subject to a background investigation by the government and must be able to meet the requirements to hold a position of Public Trust.

ASRC Federal and its Subsidiaries are Equal Opportunity / Affirmative Action employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.

 
