FISMA Compliance Analyst I
The FISMA Compliance Analyst I is responsible for developing and executing control test plans for assigned critical processes and associated integrated controls (including Sarbanes-Oxley). The incumbent must become familiar with NIST requirements (NIST 800-53) as well as FFIEC, HIPAA, GLBA, PCI and other regulatory frameworks. This position is responsible for working with IT areas to ensure critical processes have been analyzed and documented. The incumbent must ensure that adequate testing is performed on assigned control tests.
The FISMA Compliance Analyst I is also responsible for issue identification and remediation validation. Some communication with senior management may be required and will be verbal as well as written. The incumbent will work with control owners to gather evidence for control testing, as well as for remediation validation.
Strong organizational skills are required and proven communication skills are a must. The position will be responsible for certain requirements around federal boundaries. The incumbent must become familiar with the boundaries currently supported and the process to maintain an authority to operate.
1. Test Planning and Execution
a. Review components to be tested and controls included for each component assigned (e.g., operating systems, networks, applications).
b. Create detailed test plans for areas of responsibility. Work with Control Owners and other participants.
c. Execute testing. Work with Control Owners to communicate the testing requirements based on the in-scope controls and appropriate test methods in accordance with related regulatory assessment objectives. Gather and evaluate evidence. Document and communicate testing results to Control Owners and other participants.
d. Prepare detailed evidence to support compliance of controls tested.
e. Manage document storage for testing evidence.
2. Issues Management
a. Responsible for understanding the issue management process and managing issues related to assigned areas and components. Communicate with owners and appropriately document issues within Archer. Retest items as remediation plans are implemented.
b. When new items are identified, work with Control Owners to ensure the new finding is accurate and the remediation date is acceptable.
c. Work with Issue Owners through the process of closing issues.
3. Control Maintenance
a. Become familiar with assigned areas and monitor overall compliance with that area on a continuous basis.
b. Work with control owners to update controls based upon regulatory source updates and/or additions to Navient's regulatory requirements.
4. Support & Communication
a. Serve as a key participant in the IT Compliance department. Work closely with Information Security, IT, Corporate Compliance, and all other key program members to ensure the overall program continues to meet the federal security requirements in the most cost-effective, efficient manner possible.
b. Track individual project and assigned issues, and ensure IT and business areas are on schedule to meet deadlines.
c. Communicate ideas, testing strategies, findings, and process improvements, both verbally and in writing, in a clear, concise manner tailored to the appropriate audience.
This position will support a federal government contract. Applicants must be able to obtain Public Trust security clearance as required of federal government contractors to include a background check conducted by the U.S. Government to determine eligibility and suitability for federal contract employment for public trust or sensitive positions. For this level of clearance, applicants must possess U.S. citizenship.
* Bachelor's Degree in Computer Science, Information Systems, Business, Accounting or equivalent experience
* Ability to meet project due dates.
* Excellent written and verbal communication skills, including presentation skills.
* Ability to simultaneously work on multiple projects.
* Ability to recognize, analyze, and document deficiencies and articulate those deficiencies to key management personnel.
* Excellent organizational skills.
* Excellent analytical skills and problem-solving ability.
* Ability to make recommendations and decisions independently.
* Ability to perform well under pressure and to work independently with high levels of initiative.
* Proficient in Microsoft Excel.