Alluvial Concepts (Macro Pros)

Information Security/Cloud Compliance Analyst (Hybrid/Remote)

Alluvial Concepts (Macro Pros), Bethesda, Maryland, us, 20811

Macro Pros is seeking an Operational Technology (OT) Security Engineer for a long-term engagement (contract or contract-to-hire) supporting a federal agency in Bethesda, MD. The work schedule is Monday on-site in Bethesda (required) with Tuesday through Friday remote. To apply, you must be a US Citizen, currently live in metro Washington, DC, and be able to pass a standard background check and obtain a Public Trust Clearance.

Responsibilities

- Access controls and assessment experience: dealing with challenges in assessing a control, remediating a POA&M for that control, and assessing or closing out the findings.
- Advise on and help establish sound information security processes and controls for the project according to federal information security policies, practices, and standard operating procedures (SOPs), and engage with the implementation teams to ensure that the solutions designed, built, deployed, operated, and maintained adhere to the same information security requirements.
- Able to talk through security controls and what they mean for the specific type of system.
- Verify that the information security controls implemented by and in connection with the enterprise technology solutions deployed are operated as designed.
- Experience supporting Operational Technology (OT) systems and understanding the differences between IT and OT systems from an A&A perspective.
- Liaise with the assessment and authorization (A&A) team at the client to ensure control requirements are understood and addressed, and coordinate responses to A&A assessments in connection with the authority to operate (ATO) for new solutions deployed.
- Experience taking a system that has a cloud component through the ATO process. Our client has systems they want to bring on that leverage cloud in different aspects (infrastructure, SaaS, etc.).
- As a security specialist, you must have experience doing assessments and security documentation.
- Organize and conduct information security control assessments to validate ATO and audit readiness of the project and the enterprise technology solutions to be deployed. Engage project management, project team leads, and client stakeholders as appropriate in conducting assessments, sharing results, and validating remediation of control weaknesses.
- Provide Cyber Security and Information System Security Management Services to internal and external customers in support of network and information security systems.
- Assess information system risks and controls and identify information system control design and operation weaknesses.
- Perform process and system evaluations (assessments) to ensure compliance with established policies, processes, procedures, and applicable standards.
- Validate security control assessment results.
- Perform a variety of technical and administrative activities related to the function of QA (auditing), including, but not limited to, scheduling, checklist development, report writing, facilitating root cause/lessons learned analysis, and internal/external presentations.
- Provide assessment and authorization (A&A) management support by guiding the development of all documentation necessary to complete the A&A process, including system security plans, contingency plans, and other associated documentation.
- Conduct complex vulnerability assessments, including development of risk mitigation strategies with the customer, adjudicating based on an assessment of the vulnerabilities, threats, and risk associated with the assessment.
- Review system configurations and scan tool results to determine system compliance and report results.
- Compile, analyze, and report on findings of non-compliance and provide recommendations for improvement.
- Capture and maintain plans of action and milestones (POA&M) on findings of non-compliance.
- Track and escalate unresolved non-compliance issues and corrective and preventative action plans to closure.
- Validate that cyber security tests and assessments are conducted in accordance with established policies and procedures.
- Experience with NIST SP 800-82 Rev. 2 & 3, Risk Management Framework (RMF), and security assessment tools.
- Review documentation from information obtained from the customer using accepted guidelines such as the Risk Management Framework (RMF).
- Knowledge and/or experience with operating system, virtualization, and networking technologies.

Qualifications

- Minimum of 8 years of cyber security experience.
- Minimum of 4 years of experience consulting to the US Federal government, evaluating the security posture of information systems in accordance with federal information security requirements and industry-leading guidance, and providing risk-based observations and recommendations for information systems security, controls, and operation in connection with conducting A&As for ATOs.
- Strong Security Controls Assessment documentation required.
- Experience dealing with contingency plans, business impact analysis, and incident response plans.
- Understanding of risk assessment as an assessor compared to a risk assessment done by a system owner/team; able to change or adjust the approach based on the level of experience of the stakeholder you're working with.
- Demonstrated experience working with information system stakeholders in aiding them to understand information security requirements related to federal and industry standards, i.e., NIST, DHS 4300A, CNSS, and to design and operate information security controls.
- Demonstrated experience assessing information system risks and controls and identifying information system control design and operation weaknesses.
- Experience with High Value Assets.
- Experience with CSAM.
- Experience with NIST 800-82 Rev. 3 is required.
- Experience with Operational Technology/Industrial Control Systems (OT/ICS) is required.
- Experience applying the OT overlay for any SCADA systems or OT systems.
- Must have excellent communication skills. This is a customer-facing role.
- Must be 100% comfortable working and communicating with a diverse team.

Additional Information

Bachelor’s degree in computer science, Information Systems, Engineering, Business, or other related scientific/technical discipline. Certified Information Systems Auditor (CISA) certification. Must live in metro Washington, DC and work on-site in Bethesda every Monday (required). Must be a US Citizen and able to obtain a Public Trust Clearance.

Seniority level: Mid-Senior level

Employment type: Contract

Job function: Information Technology
