Strategic Management Solutions

Cybersecurity Program Analyst

Strategic Management Solutions, Oak Ridge, Tennessee, United States, 37830


SMSI provides expert management consulting, program and project management, and technical consulting services to government and private sector clients.

SMSI has grown and evolved by building an outstanding reputation for client-focused performance and for delivering results that enable clients to meet commitments and milestones.

SMSI is an Equal Employment Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Job Summary

SMSI LLC is seeking an experienced Cybersecurity Program Analyst to contribute to a portfolio of cyber security projects. The successful applicant will be a proactive problem solver with exceptional communication skills and attention to detail. The position will report to the Cybersecurity Program Manager and require interaction with all levels within and external to the organization, including client sponsors, senior managers, functional subject matter experts (SMEs), Information Technology (IT) staff, subcontractors, and external vendors. The position requires knowledge and application of industry best practices and ability to provide technical leadership for information security programs.

The position will operate in a location based on the client need; it will primarily be remote but may require travel to client site(s) and/or work in SMSI office(s).

Responsibilities

The Cybersecurity Program Analyst will perform a variety of assessments and evaluations in support of SMSI and client organizations. Responsibilities will include, but are not limited to, the following:

- Conduct NIST and/or CMMC assessments and gap analysis on IT systems.
- Analyze cyber programs and report results to the CIO and/or client sponsor. This may include creating, inspecting, reviewing policies and procedures, identifying shortfalls, making recommendations, and writing assessment reports.
- Evaluate and recommend effective approaches to protect systems, networks, software, data, and information systems against potential attacks.
- Provide technical assistance in developing, coordinating, and processing risk assessments. Provide risk consultation to requests for assessment services, evaluations, etc.
- Review IT system related initiatives for security sufficiency and identify issues to the CIO and/or client sponsor.
- Validate system and vulnerability assessments and develop post assessment program improvement roadmaps and action items.
- Provide professional guidance to security teams.
- Write, analyze, and design cybersecurity program policies and procedures.
- Research new threats, attacks, and vulnerabilities that may affect IT infrastructure, and ways to identify and protect against them.
- Assist in the investigation of potential cyber-attacks and intrusion attempts, with a focus on building resilience in the cyber programs.
- Prepare and present presentations, reports, and dashboards, providing recommendations and findings on matters relating to projects.
- Assist with proposal development.
- Perform other duties, as assigned.

Required Skills

- Ten+ years of relevant professional experience with understanding of IT hardware, software, databases, user interfaces, role/access management, and information security.
- Knowledge of Risk Management Framework requirements and process.
- Knowledge of the DOE/NNSA or similar government agency or industrial client or site cyber work environments, exposure to levels of leadership, customer, NNSA sites.
- Knowledge of current and emerging threats/threat vectors.
- Knowledge of business continuity, disaster recovery, and continuity of operations.
- Knowledge of system life cycle management principles, including software security and usability.
- Knowledge of DOE/NNSA or similar government agency or industrial client or site mission and cyber security program requirements.
- Certified Information Systems Security Professional (CISSP), Global Information Security Professional (GISP), or the CompTIA Advanced Security Practitioner (CASP) certification.
- Ability to obtain and maintain a DOE Q Clearance.
- US Citizenship.
- Ability to pass a pre-employment background check and drug screen.

Educational Requirements

Bachelor's degree preferably in computer science, engineering, information systems, or related discipline, or equivalent combination of education and experience.

Work Environment

This job operates in a combination of remote working and professional office environment.

Travel

Some travel may be required for this position.