MUST CURRENTLY HOLD AND HAVE THE ABILITY TO MAINTAIN A US Clearance of TS/SCI with Poly
JOB DESCRIPTION
As the Information Systems Security Analyst for various programs within GDI, you will serve as the primary subject matter expert leading and assisting all assessment and authorization (A&A) efforts using the NIST Risk Management Framework (RMF) on behalf of various customers across the organization. You will evaluate corporate security-related requirements and assess individual projects’ compliance with those requirements.
This individual will work side-by-side with the Information Systems Security Engineer (ISSE) and serve as a trusted security advisor for our customer. In this role, you will conduct cybersecurity analysis of systems for a variety of project teams in preparation for A&A accreditation and as part of our customer’s continuous monitoring approach to risk management. As part of these efforts, you will review, validate, and in many cases work with project teams to develop the key documents that make up a system’s body of evidence, including System Security Plans (SSPs), Contingency Plans (CPs), Access Control Plans (ACPs), and more.
You must be able to cover all activities that support the NIST RMF and A&A process, which includes, but is not limited to, defining systems, identifying risks, identifying and implementing protective measures appropriate to the applicable accreditation level, analyzing system designs, and resolving A&A issues that may prevent a system from receiving authorization.
SPECIFIC RESPONSIBILITIES:
Serve as a security advisor for project teams on all initiatives that may have an impact on security. As part of this, act as liaison between the project teams and key members of cybersecurity leadership.
Initiate and drive the A&A process for all new project systems.
Ensure all “keep-the-lights-on” cybersecurity activities (e.g., vulnerability scans, access reviews) are performed at the frequency required to remain in compliance with accreditation requirements.
As part of A&A preparation efforts, proactively identify potential risks associated with systems and advise on mitigation strategies.
Drive efforts to produce appropriate artifacts to support A&A control responses.
Identify and work with key A&A stakeholders to ensure all system documentation is kept up to date and reflects current security configurations, architecture, and data flows.
Participate in all A&A status and technical exchange meetings (TEMs) and facilitate discussions around control responses.
Explain and break down controls and security concepts for non-security-minded team members so they can provide the responses you need. Where a protective measure is not in place, think in terms of compensating measures and processes.
Analyze, interpret, and apply changes to A&A control requirements and Federal cybersecurity guidance with respect to customer systems.
Communicate the current security posture of customer systems, and discuss its future state, to Oracle and Customer leadership and/or via designated reporting mechanisms.
Conduct thorough reviews of all vulnerabilities identified by malware scans, as well as of system architecture and defense-in-depth strategies, and report findings in the POA&M document.
Work directly with customer counterparts to manage expectations, respond to tasking, ensure the quality of deliverables, and resolve concerns.
Understand the broader Oracle product suite and how it is applied on the program.
Hold regular technical team meetings to track progress against high-priority items while ensuring the framework and best practices are being followed.
Resolve specific technical issues by coordinating appropriate resources with the customer, the PMO, and internal Oracle teams as appropriate.
Report project status to the PMO and to customers.
Prioritize tasking with little oversight and navigate conflicting.
Career Level - IC4