Do you have the qualifications and desire to start a career in information security, but need experience? WingSwept is looking for a Junior Security Compliance Analyst to assist in documenting, maintaining, developing, and coordinating compliance efforts across our company. This is an entry-level position with ample room for growth.

The responsibilities of the position will include:

• Become familiar with the various compliance programs at WingSwept
• Participate in all steps of the Security Authorization and Assessment process for FISMA, FedRAMP, HIPAA systems.
• Participate to develop and maintain system security documentation, including drafting, reviewing, editing and recommending guidance
  • Ensure all needed policies and procedures for compliance efforts are written and maintained
• Develop and review system security authorization documentation such as security plans, risk assessments, and security control test reports, contingency plans, and responses to third-party questionnaires and audits
• Assist to maintain all documentation as needed/required
• Participate in security control assessments and audits
• Stay informed of changes to compliance programs
• Gather and maintain artifacts to prepare for audits
• Coordinate with other staff members to ensure POA&Ms are addressed in the required timeline
• Assist to review Security and Compliance scans for remediation by system administrators
• Assist to review and validate Plan of Actions & Milestones (POA&Ms) for each non-compliant control for each managed IT System prior to authorizing closure
  • Proper documentation to support the POA&M lifecycle shall be filed and updated as required, including well documented waivers and exceptions detailing the potential risk to the Authorizing Official
• Participate in Cyber Security Incident Response Processes, incident investigations and audit reporting requests
• Ensure appropriate training is given and tracked for staff to meet compliance controls
• Develop a thorough understanding of all configurations, architecture, installed software, accounts (both Operating System and Application), data flows, ports, protocols, and other relevant data for each covered IT System
• Perform as an individual contributor but may oversee or provide direction for work performed by other parties
• Document compliance activities
• Compliance documentation for client requests
• Participate in Information Security Committee meeting to include agenda prep, meeting minutes
• Continuous monitoring documentation

Minimum Qualifications:

• Associate's degree
• Strong writing skills are required
• Strong analytical and problem-solving skills
• Strong detail orientation, follow-through capabilities, and escalation of key issues
• Able to manage multiple issues at one time
• Work effectively in a dynamic environment where shifting priorities frequently alters work plans
• Highly self-motivated and directed with a desire to learn
• Able to work in a team-oriented, collaborative environment
• Excellent time management and related organizational skills, including appropriate sense of urgency, dependability, a proactive approach, and a suitable ability to anticipate and manage multiple project lifecycle events, issues and obstacles
• Strong organization and coordination skills to work effectively in a multidisciplinary team setting
• High comfort level and understanding of technology

Additional Consideration Given:

• Experience with Risk Management Framework (RMF), POA&Ms, Security Authorization and Assessments
• Experience conducting and documenting vulnerability assessments
• Knowledge of and experience with NIST SP 800-53, 800-53A, and 800-37
• Understanding of FISMA compliance
• Understanding of FedRAMP
• Experience with Nessus scans, or similar tool

If this sounds like a good fit for you, please apply today!

Equal Opportunity Employer M/F/Disabled/Veteran