Governance and Compliance Analyst (Senior) - 4LOCS(F)

Governance and Compliance Analyst (Senior)

Personnel Qualifications:

• A master’s degree in Computer Science or three (3) years of experience.
• At least 10 years of experience with: FISMA, NIST, SOX, Configuration and change management, CMMI, IT frameworks, ITIL, task order applications/technologies.

Capabilities:

• Establish processes and procedures for best practices.
• Facilitate a clear understanding among all parties about security and compliance requirements.
• Monitor access to information systems and database while protecting data storage.
• Implement application access controls, such as password authentication.
• Ensure that all department operations occur within a prescribed framework are aligned with required performance metrics and service levels and comply with governance and compliance policies.
• Stay abreast of, implement, maintain, and monitor industry best practices in information technology, compliance, security, and configuration management methodologies such as Capability Maturity Model (CMMI), Committee of Sponsoring Organizations (COSO)/ Sarbanes-Oxley (SOX), Federal Information Security management Act (FISMA), National Institute of Standards and Technology (NIST) guidelines Information.
• Track, monitor and ensure application patches and security alerts are properly tested and implemented before the applicable deadline.
• Ensure patches and alerts encompass all layers of the multi-tiered environment including applications, databases, servers and hardware.
• Work with employees at all levels of the organization; work closely with other branches and divisions with the Board such as Information Assurance and Information Technology (IT).
• Verify and validate user roles and access on a regular basis by distributing reports of use to system owners.
• Ability to apply Information Technology Infrastructure Library (ITIL) framework.Be familiar with TS financial and human resource applications, including infrastructure and network technologies (e.g., TCP/IP, Windows NT, UNIX, Linux, RedHat).
• Have a thorough understanding of computer programming, and training in risk management.
• Be able to communicate technical security information clearly and concisely both verbally and orally.
• Have a bachelor’s degree in computer science or a related degree in the IT field or equivalent experience.
• Have an understanding and/or experience with FISMA.