SENIOR INFORMATION SECURITY ANALYST (REMOTE ELIGIBLE)
Company: Mathematica
Location: Austin
Posted on: November 8, 2024
Job Description:
Position Description:

Mathematica applies expertise at the intersection of data, methods, policy, and practice to improve well-being around the world. We collaborate closely with public- and private-sector partners to translate big questions into deep insights that improve programs, refine strategies, and enhance understanding. Our work yields actionable information to guide decisions in wide-ranging policy areas, from health, education, early childhood, and family support to nutrition, employment, disability, and international development.

Mathematica offers our employees competitive salaries, and a comprehensive benefits package, as well as the advantages of being 100 percent employee owned. As an employee stock owner, you will experience financial benefits of ESOP holdings that have increased in tandem with the company's growth and financial strength. You will also be part of an independent, employee-owned firm that is able to define and further our mission, enhance our quality and accountability, and steadily grow our financial strength. Learn more about our benefits here.

We are looking for a highly organized and tech-savvy Senior Information Security Analyst to join our IT Security, Risk and Compliance group. This individual will leverage their technical background and expertise in the application of security and privacy standards in contributing to the continuous improvement of Mathematica's information security program while delivering client security services to projects in the public and private sectors. This role will advise project and technology teams on government and industry standards and best practices for securing applications in cloud, on-premises, and hybrid deployments, test applications according to prescribed security test plans, recommend specific tools and procedures to enhance application security and describe how project processes and procedures align with security and privacy standards. In addition, the Senior Information Security Analyst may interact directly with clients and support efforts to execute contractual requirements.

Responsibilities:

- Engage with project teams advising on development of solutions to align with prevailing security and privacy standards, guidelines, and best practices.
- Lead security tasks on project teams with significant client-facing security responsibilities, including establishing and maintaining compliance with contractual, FISMA, and HIPAA requirements.
- Lead the development of client and corporate security assessment and authorization documentation (system security plans, risk assessment, security control testing reports, contingency plans, responses to third-party questionnaires and audits).
- Lead on-premise and cloud technology risk and compliance assessments and recommend solutions to correct deficiencies.
- Support federal clients in leading the execution of annual security and privacy assessments of third-party developed information systems, including planning and scheduling, Rules of Engagement development, security and privacy control selection, third-party penetration testing coordination, and POAM management.
- Translate project security and privacy compliance requirements into tasks, prioritize assignments, and develop plans and schedules to support timely delivery.
- Contribute security oversight into early-stage information system design planning on projects.
- Ensure project teams integrate standardized information security principles into modern application architecture development and apply security testing within CI/CD pipelines.
- Promote use of disciplined security testing techniques, tools, and metrics across SDLC (software solution development, deployment, maintenance / operations, and disposition).
- Interact directly with clients and partners, including HHS and large federal IT integrators, and states.
- Develop, operationalize, and standardize security processes, including management of access to client systems and data, vulnerability management, and continuous monitoring.
- Contribute to corporate security policies, standards, procedures, and plans, and identify opportunities to improve efficiency.
- Actively support the advancement of organizational diversity, equity and inclusion efforts, and apply diversity, equity and inclusion lens across job responsibilities.
- As a federal government contractor, all staff working in our central ITS group with access to corporate computer systems are required to successfully undergo a background investigation or security clearance as a condition of employment.
- Additional duties may be assigned as needed.

Position Requirements:

- Bachelor's degree in computer science, software development, cybersecurity or relevant discipline preferred. Will also consider a combination of education and computer / IT skills developed through progressively responsible positions in technology or consulting roles.
- 5+ years of experience in security and privacy risk assessment and compliance in on-premises, cloud, and hybrid environments.
- Possession of or ability to obtain professional certifications in information security or risk management, such as Certified Information System Security Professional (CISSP), CGRC - Governance, Risk and Compliance Certification, Certified Information Security Manager (CISM) or other relevant certification required. Amazon Web Services security certification desirable.
- Expertise in federal standards and regulations-compliant security and privacy programs, and Authority to Operate (ATO) processes.
- Expert knowledge of relevant FedRAMP and National Institute of Standards and Technology (NIST) Special Publications.
- Experience preparing and / or reviewing ATO documentation for federal agencies.
- Experience reviewing security control implementations and communicating security best practices and risks associated with control deficiencies in cloud-hosted and on-premises environments.
- Ability to collaborate effectively in a highly matrixed organization in on-premises, cloud, and hybrid security implementation. Demonstrated ability to team with and partner across business units.
- Experience reviewing information system design documentation and architecture diagrams to identify security weaknesses.
- Demonstrated knowledge of modern application architecture design principles and frameworks such as containerization, serverless computing, microservices, and RESTful API.
- Demonstrated knowledge of continuous monitoring, POA&M, and vulnerability management requirements, tools, techniques, and processes.
- Experience with security and privacy incident response.
- Expertise applying consulting concepts and skills when engaging project and client teams.
- Ability to ask questions and approach a new or unfamiliar task, skill, or project with a can-do mindset.
- Strong organizational skills and ability to work in a fast-paced, multidisciplinary, and matrixed team setting.
- Superb interpersonal skills, with the ability to convey complex security and privacy concepts to varied audiences in verbal and written formats.

Nice-to-Have:

- Project Management experience including project planning, work breakdown structures, and budgeting.
- Knowledge of new and emerging information technology (IT) and cybersecurity technologies.
- Experience with Agile and DevSecOps approaches.
- Familiarity with programming/scripting languages and frameworks.
- Experience conducting vendor security assessments.
- Experience creating and maintaining privacy and security policies (aligned to Federal requirements).
- Experience using Jira to manage workloads and tasks and to oversee progress against established timelines and due dates.
- Knowledge of operational risk management concepts.
- Knowledge of security certification processes (ISO 27001, CMMC).

This position offers an anticipated annual base salary range of $90,000-$125,000. This position may be eligible for a discretionary bonus based on company and individual performance.

To apply, please submit a cover letter, resume, location preference, and salary expectations.

STAFFING AGENCIES AND THIRD PARTY RECRUITERS: Mathematica is not accepting candidates for this role or any technical role from staffing agencies or third party recruiters. Please do not contact technical or senior staff at Mathematica or share unsolicited resumes. All agency inquiries go through the talent acquisition team and will be routed accordingly.

Available Locations: Washington, DC; Princeton, NJ; remote

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.