Monroe Consulting Group Philippines is recruiting on behalf of a technology company that is US-based who is a leading provider of advanced technology solutions that secure the vital assets of the world's most demanding enterprises. As part of their portfolio of capabilities in providing cost-effective solutions to military, intelligence, and civilian agencies of the federal government, they have extensive experience in delivering output that meets exacting standards and under demanding conditions.
Our respected client is seeking an Information Assurance and Cybersecurity Analyst who will perform Information Assurance and compliance related tasks. They are responsible for examining technical configurations, interviewing system owners, assisting with, and supporting system self-tests, researching product technical documentation, and documenting technical security baselines.
They are required to apply domain knowledge and collaborate with team leads and clients to translate functional needs into technical security solutions appropriately. They will interface with Risk Management Framework and other cybersecurity practitioners including the CISO, CITO, CSO, system owners, and engineers to assist with the development of the security compliance and risk management documentation packages. The job is in Makati City, Philippines, with a Hybrid work set-up but is still on a work from home until further notice.
Key job responsibilities:
- Utilize the Xacta IA Manager Software Suite and other Risk Management/compliance software in the conduct of IA, cybersecurity, and risk compliance activities.
- Document the security aspects of systems, software, applications, DevSecOps, and associated Risk Management data that are consistent with existing risk management frameworks compliance analyst responsibilities.
- Conduct "walkthroughs" of enterprise systems, applications, and DevSecOps projects to collect required artifacts, in support of the initial NIST and ISO certification efforts and subsequent continuous monitoring findings.
- Assist in the performance of security control assessment planning and execution, in compliance with policies and procedures. This is to be done with minimal supervision.
- Leverage prior experience working with a wide variety of technologies and knowledge of the current state of information security to interpret requirements of relevant governing bodies (NIST, ISO, CMMC, etc.).
- Utilize the Xacta application suite to produce a Body of Evidence consistent with local, NIST, FISMA, and other higher-level governance, e.g., Security Assessment Report (SAR), Risk Assessment Report (RAR), specific POA&M portions, vulnerability reports.
- Interact daily in person, via email and phone conversations, with an enterprise user base to provide support to government Xacta IA Manager Software Users.
- Perform other administrative and support functions as needed.
- Work cooperatively with employees of the Corporation, its global subsidiaries and other industry partners.
- Be available to support working with company staff globally including PH and US time zones, as needed.
- Attend meetings, as required.
- Perform other duties as requested and within areas of expertise.
Reports and Records
- Prepared Reports
- Refer to Main tasks & responsibilities.
- Incident Reports, as needed.
- Ad Hoc reports, as requested.
- Refer to Main tasks & responsibilities.
- Bachelor's Degree in Cyber Security, IT, Engineering, or a related field and 5 years' experience in IT or Security.
- Must possess CompTIA Security+ certification.
Must be willing to achieve one of the following certifications within a year of hiring:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Extensive knowledge of a variety of the Cybersecurity field's concepts, practices, and procedures to ensure the secure integration and operation of all systems.
- Extensive experience with the implementation of the NIST SP 800 family of publications, particularly those associated with NIST's Risk Management Framework.
- Extensive specialized knowledge of audit standards classified system IA requirements and Privacy requirements.
- Extensive experience with evaluating system, network, or infrastructure security controls against requirements such as ISO, NIST, and CMMC guidelines.
Extensive knowledge and experience with all the following criteria:
- Vulnerability scanning execution, assessment, and analysis.
- Operating system and network knowledge (i.e., Local Area Networks [LAN] and Wide Area Networks [WAN])
- Information security and assurance principles (e.g., Defense-in-depth) and associated supporting technologies.
- Application security, database security, and network security
- Extensive experience and demonstrable judgment in planning and accomplishing goals.
- Demonstrable ability to work independently to solve problems quickly and completely.
- Experience in supporting, monitoring, testing, and troubleshooting hardware and software IA problems.
- Demonstrable ability to assess and weigh current and evolving security threats in an operational environment.
- Outstanding problem solving and analytical skills, including the ability to create clear observations, analysis, and conclusions based on customer interviews and data.
- Outstanding research skills; is resourceful and persevering.
- Excellent verbal and written English communication skills.
- Good team player: has the ability to work in and with teams
- A thorough appreciation of corporate values
- Capable of making sound decisions
- Is proactive and capable of self-direction and self-motivation.