Security Services – Compliance Specialist
Position ID: 20210312-Security-Services-Compliance-Specialist
Job Description/Expectations:
Movaci is seeking a motivated and customer-oriented information security professional to support the Movaci Information Security Compliance Team in executing Risk Management Framework (RMF) based Assessment & Authorization (A&A) activities. Specifically, the candidate will support compliance programs and perform security control assessments to determine the extent to which Information System security controls are implemented correctly, operating as intended, and producing the desired outcomes. In addition, the candidate should be able to contribute to the completion of milestones associated with specific projects and provide solutions to a variety of complex technical problems involving security control assessments.
- Excellent verbal and written communication skills and the ability to work on several assessment tasks concurrently with assistance for the team lead.
- Ability to understand and discuss Information System and Application vulnerabilities if discovered during an assessment engagement.
- Understanding of Information Assurance and Continuous Monitoring terminology and methodologies.
- Professional attitude and demeanor.
- Expert knowledge of NIST SP 800, HIPAA, PCI DSS, ISO 27001 and related standards.
- Support developing and/or updating security artifacts related to the risk management framework.
- 3 years of information technology experience.
- Experience with MS Office Suite, JIRA.
- Critical thinking and the ability to balance security requirements with mission needs.
- Ability to work quickly, efficiently and accurately in a dynamic and fluid environment.
- Bonus Points:
  - Knowledge and/or experience using an eGRC tool
  - Knowledge of Splunk, Nessus, OKTA or similar tools
  - Security+ Certifications
- Conducts comprehensive security control assessments levied against a system and documents the results, including recommendations for correcting any weaknesses or deficiencies in the controls.
- Develops a Security Assessment Report (SAR).
- Conducts comprehensive reviews of security authorization documents to ensure the appropriate NIST security guidelines were used during the assessments and the selections of security controls are relevant to the confidentiality, integrity, and availability of the system.
- Performs security control assessments on cloud-based systems (i.e., Azure, AWS).
- Independently review the security artifacts provided and assess both the technical and functional adequacy of the cyber security/information assurance controls.
- Review and assess stakeholder security objectives, protection needs and concerns, security requirements, and associated validation methods.
- Review and assess system security requirements and associated verification methods per Risk Management Framework (RMF) standards.
- Identify and/or assess vulnerabilities and susceptibility to life cycle disruptions, hazards, and threats.
- Assess a wide array of supporting technologies, network devices, hardware, and software.
- Manage one or more NIST 800-171 security control families for each assessment.
- Validate that appropriate management, operational, and technical security and privacy controls have been implemented for the information system.
- Identify and understand the risks that apply to the assessed system.
- Support continuous monitoring of production systems in accordance with defined security controls.
8:30 am – 5:30 pm, Monday – Friday, 40-hour work week, 24 x 7 on-call as needed.
For more information:
Human Resources Department
Email: Human Resources Department | Phone: +66 (053) 920 555 | Fax: +66 (053) 204 356