Senior Process Improvement Consultant

Company: Guidehouse
Location: Chantilly, VA, USA; McLean, VA, USA
Salary: Not Provided
Type: Full-Time
Degrees: Bachelor’s
Experience Level: Senior

Requirements

  • An ACTIVE and CURRENT TOP SECRET/SCI federal security clearance with a Counterintelligence (CI) polygraph
  • Bachelor’s Degree in a Business or Technical field
  • THREE (3) or more years of experience in information technology, cybersecurity, and/or information assurance
  • Experience in consulting with the federal government to include senior government clients
  • Understanding and knowledge of federal information security and assurance laws, requirements, and guidance

Responsibilities

  • Performing assessments of IT controls using industry-standard guidance and leading best practices
  • Conducting interviews and discussions with a variety of client stakeholders, including IT system personnel such as Information System Security Officers (ISSOs) and system administrators
  • Reviewing and analyzing documents and artifacts to assist in IT controls testing such as system security plans, SOPs, audit logs, configuration scans, and vulnerability scans
  • Evaluating the implementation and effectiveness of IT controls using provided artifacts against federal requirements, industry guidance, and leading best practices
  • Documenting the results of IT controls testing in a consistent and high-quality manner that would allow others to review and understand the results
  • Summarizing and communicating IT controls assessment results to a variety of client stakeholders, including senior leadership
  • Understanding and analyzing known IT control weaknesses, identifying root causes, and developing detailed remediation plans
  • Providing subject matter expertise to client personnel on a wide range of matters relating to IT security and assurance
  • Responding to ad-hoc IT security-related requests from client personnel
  • Planning and executing day-to-day activities of IT assessments and evaluations individually and for the team
  • Mentoring junior team members in day-to-day IT controls testing responsibilities

Preferred Qualifications

  • Relevant certification such as the Certified Information Systems Auditor (CISA) or Certified Information Security Manager (CISM)
  • Demonstrated knowledge and experience in IT risk and controls through IT audits, IT controls assessments, or IT security reviews
  • Demonstrated working knowledge of FISMA, the NIST SP 800 series, FISCAM, and other relevant federal information assurance laws, regulations, and guidance
  • Experience performing FISMA, OMB Circular A-123, or similar internal control assessments
  • Experience implementing or auditing access and account management principles, including authorization, provisioning, recertification, and separation of duties
  • Experience implementing or auditing contingency planning principles, including backups, testing of backups, and alternate processing sites
  • Experience implementing or auditing configuration management principles, including configuration baseline concepts, baseline deviations, baseline maintenance, change control, monitoring, and industry-accepted configuration settings such as DISA STIGs
  • Experience performing audit logging and monitoring, including generation of audit logs, use of audit log aggregation and analysis tools, and audit log monitoring and review