IA Governance Support Analyst
As Governance Support Analyst, you will support and establish a framework for consistently collecting, analyzing, and distributing guidance, materials, and knowledge throughout the Federal Government Client. These security documents are developed and compiled in accordance with DHS Directive 4300A and 4300B, “Sensitive Systems Policy and Handbook”, and NIST to protect the confidentiality, integrity, and availability of information and information assets to accomplish the Agency’s mission(s). Program Support provides technical writing and communication expertise to facilitate a broad range of ISD requirements ranging from the development of acquisition packages to briefing materials and stakeholder correspondence. The Governance Program is established in accordance with FISMA; Office of Management and Budget (OMB) Circular A-130, Management of Federal Information Resources, Appendix III, Security of Federal Automated Information Resources; and DHS policy. This Information Assurance (IA)/Security Governance Program established the framework for the overall Information Security Program through the development, documentation, and maintenance of IA (Security) policies, standards, procedures, and guidance. The compilation of these documents is essential to the overall effectiveness of the Agency working towards enterprise security solutions and implementing them in accordance with well-defined security architecture.
Responsibilities of the Governance Support Analyst include, but are not limited to:
- Maintain, review, and develop ISD policies and procedures utilizing simple and plain language.
- Maintain and update ISD policies and procedures to reflect any changes in the U.S. Laws, Executive Branch, DHS and Component internal standard operating procedures.
- Compare and analyze Agency’s policies and procedures to ensure compliance with OMB, Government Accountability Office (GAO), NIST, DHS, National Archives and Records Administration (NARA), and other authoritative guidance sources as established by U.S. law or the Executive Branch.
- Review all security control content in accordance with NIST SP 800-53 (latest edition/revision), “Recommended Security Controls for Federal Information Systems and Organizations”, DHS 4300A, and any other applicable guidance in drafting security policies.
- Publish and maintain the current policies and procedure library within the Agency’s documentation repository system, and assist the Government POC in the transferring of ISD documentation to the appropriate SharePoint libraries.
- Manage the routing and approval process for documents created and maintained and coordinate with offices external to ISD for reviewing and updating policies and procedures.
- Provide a course of action plan to address deficiencies in information security policy and procedure practices and conduct annual reviews:
- Develop policies and procedures as directed by the client in relationship to Information Assurance.
- Participate annually in the reviewing of the DHS 4300-series and other DHS policies, memorandums, and documentation forwarded for component-level review.
- Assist in the coordination efforts of the Agency’s reviews and responses to draft information security policies, procedures, processes, guides and audit documentation.
- Collect and provide a coordinated response of all reviews prior to submission.
- Participate in working groups such as the DHS Information Security Working Group, IA Policy Working Group, DHS Cybersecurity Working Group, DHS Security Policy Working Groups and others as directed. Provide meeting minutes for each attended working group, per meeting.
- Assist with writing, editing and publishing IT system security and privacy planning policy, procedures, and technical system documentation such as backup and recovery, continuity of operations, policy, and memoranda rules of behavior to instruct users how to use the agency’s Integrated Operating Environment (IOE).
- Assist with the development and maintenance of a five-year Information Security Strategic Plan. In addition, maintain a summarized three-year plan in an executive summary format.
- Assist the program manager, acquisition team and technical personnel with the development of documentation to support the acquisition of IT security services and equipment. Specifically support the collection of relevant information, writing, and editing of the necessary acquisition documents for submission to the program manager for review.
- Support the creation and technical writing of white papers, position papers, decision memorandums, guides, communications, and PowerPoint presentations for a variety of audiences including stakeholders, management and end users.
- Provide support in the evolution of the ICAM environment governance structure and process.
- Support the development of ICAM environment funding and operational policies and controls.
- Identify opportunities for improvement in current credentialing and access management administrative and adjudication processes.
- Provide recommendations for the governance structure and processes.
- Analyze logical and physical access control log records and recommend changes to the ICAM environment and ICAM-related processes.
- Education: Associate’s Degree.
- 5-15 Years of experience.
- Certifications: At least one active certification such as Security+, CASP, GSEC, GSLC, CISSP, CEH, CISM, or CISA.
- Minimum of three (3) years of IT Security Audit experience which includes analyzing and documenting vulnerability assessments.
- U.S. citizenship required, active DHS/Secret clearance a plus.
- Strong understanding of FISMA and FISMA compliance.
- Experience working in Federal information security programs.
- Abreast of Federal cybersecurity initiatives.
- Experience analyzing policy and developing implementation plans.
- Experience conducting gap analyses.
- Experience developing position papers.
- Ability to contribute proactively and meaningfully in security working groups.
- Problem solving skills and ability to work under pressure.
- Strong communication skills, verbal and written.