Government Security
Network Security Resources


FISMA Compliance Analyst Needed


#1 amasters



  • Members
  • 0 posts

Posted 12 September 2008 - 06:25 AM

Title: FISMA Compliance Analyst

Location: D.C. Metro Area

Client/Employer: To be disclosed.

Compensation: Competitive

>>>Required clearance: TOP SECRET

Benefits - Full

Relocation Assistance Available - Yes

Interview Travel Reimbursed - Yes

The Ideal Candidate

5+ to 7 years of experience

Management Experience Required - No

Minimum Education - Bachelor's Degree

Willingness to Travel - Never

Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Top Secret required unless candidate is currently working for a component of DHS, then Secret will suffice.

IT Security's FISMA Compliance team is responsible for monitoring Information Systems during the 4 phases of Certification and Accreditation (C&A) in order to assess their compliance with the FISMA metrics set forth by DHS. These ever-evolving metrics currently include Annual Testing, POA&M Management, C&A, and Program Management. FISMA Compliance is also frequently tasked with short-term, tight-deadline, ad hoc projects spanning all aspects of IT Security. Project deliverables include presentations, manuals, reports, mass information dispersion, spontaneous training, research projects, etc. The content of this work includes the analysis of privacy information, C&A artifacts, various security statistics, financial/budgetary statistics, and more.

- Assist in ongoing training efforts for TAFT, RMS, FISMA and other DHS related IT Security mandates which may include developing and presenting briefings given to an audience of other IT professionals.

- Participate in the development and maintenance of reports (mostly MS Excel) which serve to monitor and track multiple FISMA related metrics.

- Analyze DHS-issued fiscal year policy documentation to determine the upcoming annual metrics

- Use and maintain expertise in Trusted Agent FISMA Tool (TAFT) and the Risk Management System (RMS). Tasks include data research, report creation, account maintenance, data entry, file upload/downloading, etc.


- Must possess 5 years security experience.

- BS Degree is preferred.

- Ability to and interest in providing support and guidance to ISSO/SO's through the four phases of C&A, including monitoring C&A artifact compliance, annual self-assessment (NIST 800-53A) completion, vulnerability scans, annual contingency plan testing, and POA&M management. Must possess experience with FISMA.

- Able to assist with other ISSO responsibilities including documentation, policy compliance, and CM review, as well as user training.

- Working knowledge of Microsoft Office Suite (to include Excel, Word, and PowerPoint).

- Ability to work effectively in a team management environment and participate in collaborative initiatives which foster the mutual exchange of knowledge and expertise.

- Must be able to multi-task, work independently and as part of a team, share workloads, and deal with sudden shifts in project priorities.

- Ability to communicate effectively orally and in writing to build and maintain customer satisfaction and express conclusions in a clear, technically sound manner on matters associated with IT security.


- Working knowledge of the Trusted Agent FISMA Tool (TAFT) and the Risk Management System (RMS).

- Awareness of current information security issues and the ability to interpret the requirements of relevant policies and standards set forth in NIST documentation, specifically, 800-37, 800-53A, FIPS-199/200, and 800-30.

- Knowledge of NIST in regards to how it applies to FISMA reporting.

- Above average skills in MS Excel, and MS Access (to include ability to write macros, and/or code)

- CAP (Certification and Accreditation Professional)

