Security Compliance Auditor Professional Services - Herndon, VA at Geebo

Security Compliance Auditor

Requisition #: SECUR003897
Job Title: Security Compliance Auditor
Location: 380 Herndon Parkway, Herndon, Virginia 20170 (Hybrid)
Clearance Level: Active DoD - Public Trust
Required Certification(s): CISSP or CASP Certification (preferred).
SUMMARY
The Smithsonian Institution is a public trust whose mission is the increase and diffusion of knowledge.
The Smithsonian was established by the United States Congress and includes 19 museums, the National Zoological Park, 9 research centers and numerous research programs.
The Smithsonian's assets include a variety of critical information resources, such as collections information, digital collections, research data, intellectual property, donor information, financial data and transactions, computing assets (hardware and software), etc.
Agile Defense is seeking a Security Compliance Auditor to support IT Security Staff (ITSS) with IT Security audit and compliance support.
The ITSS within OCIO manages the enterprise IT security program for the Institution.
ITSS works closely with IT staff and other personnel from throughout the Institution on IT security initiatives and processes.
ITSS consists of the Security Operations Center (SOC), Systems Risk Management (SRM), PCI Compliance, and Security Architecture & Engineering.
The Security Compliance Auditor will work with ITSS leadership to perform internal IT Security audits and quality reviews, prepare SI for IG audits, assist with tracking of IG audit requests and resolution of audit findings, perform reviews of compliance with SI policies, track SI's progress in complying with FISMA metrics, and work with the team to resolve any issues discovered.
JOB DUTIES AND RESPONSIBILITIES
Perform internal audits and compliance checks to ensure that SI is compliant with its IT Security policies, procedures, and technical standards.
Ongoing review and updating of tracking information and evidence for SI compliance with the FISMA metrics used for the annual IG audit (using our custom Archer application).
Perform independent quality assurance checks on System Assessment & Authorization documentation, incident response records, POA&Ms, Key Performance Indicators, policy and procedure documentation, system inventory, etc., and related supporting evidence to ensure they are being maintained effectively.
Track findings and make recommendations to stakeholders to ensure resolution of any issues discovered in the audits/reviews.
Assist stakeholders with planning remediations if needed.
Perform collection and coordination of evidence provided to the IG auditors.
Assist with tracking and resolution of findings from IG audits, SI-acquired penetration tests, and other assessments.
Work with ITSS leadership to develop procedures for enforcement and escalation related to security policy violations.
Provide reports to ITSS and OCIO management based on assessments performed.
Make recommendations for enhancing SI's compliance with requirements and standards, improving audit results, and enhancing IT security at SI.
Ensure that SI is prepared for annual IG security audit and that necessary evidence has been reviewed and is ready to be provided.
Participate in planning of IT security program improvements to address emerging requirements and risks.
Collaborate and communicate effectively with project teams and customers.
Develop effective working relationships with colleagues and project stakeholders.
Give presentations on findings and recommendations to various audiences.
QUALIFICATIONS
Required Certifications: CISSP or CASP Certification preferred.
Education, Background, and Years of Experience: Bachelor's Degree. Five years of technical experience.
ADDITIONAL SKILLS & QUALIFICATIONS
Required Skills
Experience performing audits, compliance assessments, and quality assurance checks.
Knowledge and experience with NIST computer security frameworks and guidelines, including the Risk Management Framework (RMF) and the CyberSecurity framework (CSF).
Understanding of additional security frameworks and best practices such as PCI DSS, CIS, etc. is a plus.
In-depth knowledge of computer security best practices and technical concepts.
Must be well-organized and detail-oriented.
Ability to coordinate, prioritize multiple tasks, and be adaptable to change to accomplish assignments.
Excellent writing, interpersonal and communication skills.
Must be able to effectively communicate with a variety of audiences in a broad range of formats to inform, collaborate and advise personnel throughout the organization.
Ability to work both independently and collaboratively with teams.
Must be responsible and capable of working with minimal supervision to effectively achieve the goals stated above, but also work well with others.
WORKING CONDITIONS
Environmental Conditions
Contractor site with 0%-10% travel possible.
General office environment.
Work is generally sedentary in nature, but may require standing and walking for up to 10% of the time.
The working environment is generally favorable.
Lighting and temperature are adequate, and there are no hazardous or unpleasant conditions caused by noise, dust, etc.
Work is generally performed within an office environment, with standard office equipment available.
Hybrid, Onsite 1 day per week (Tuesdays), telework other days.
Strength Demands
Sedentary - 10 lbs. maximum lifting, occasional lift/carry of small articles.
Some occasional walking or standing may be required.
Jobs are sedentary if walking and standing are required only occasionally, and all other sedentary criteria are met.
Physical Requirements
Stand or Sit; Walk; Repetitive Motion; Use Hands / Fingers to Handle or Feel; Stoop, Kneel, Crouch, or Crawl; See; Push or Pull

About Us!
Agile Defense provides leading-edge Digital Transformation solutions to support and advance our customers' mission.
We deliver innovative and high-quality services to our customers worldwide through an empowered and engaged workforce.
Employees of Agile Defense are our number one priority, and the importance we place on our culture here is fundamental.
Our culture is alive and evolving, but it always stays true to its roots.
Here, you are valued as a family member, and we believe that we can accomplish great things together.
Agile Defense has been highly successful in the past few years due to our employees and the culture we create together.
We believe several attributes are the root of our very best employees and extraordinary culture.
We have named these attributes The 6 H's - Happy, Helpful, Honest, Humble, Hungry, and Hustle.
Happy:
We exhibit a positive outlook in order to create a positive environment.
Helpful:
We assist each other and pull together as teammates to deliver.
Honest:
We conduct our business with integrity.
Humble:
We recognize that success is not achieved alone, that there is always more to learn, and that no task is below us.
Hungry:
We desire to consistently improve.
Hustle:
We work hard and get after it.
These Core Values are present in all our employees and our organization's aspects.
Learn more about us and our culture by visiting us here.
COVID-19 Vaccination Requirements
Agile Defense is subject to federal vaccine mandates or other customer/facility vaccination requirements as a federal contractor.
As such, to protect its employees' health and safety and comply with customer requirements, Agile Defense may require employees in certain positions to be fully vaccinated against COVID-19.
Vaccination requirements will depend on the status of the federal contractor mandate and customer site requirements.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant.
However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information.
41 CFR 60-1.35(c)

Estimated Salary: $20 to $28 per hour based on qualifications.
