Senior Information Security Analyst (Remote)

In a world of possibilities, pursue one with endless opportunities. Imagine Next! When it comes to what you want in your career, if you can imagine it, you can do it at Parsons. Imagine a career working with intelligent, diverse people sharing a common quest. Imagine a workplace where you can be yourself. Where you can thrive. Where you can find your next, right now. We’ve got what you’re looking for. Job Description: Parsons is looking for an amazingly talented Senior Information Security Analyst to join our team! In this role you will get to perform security control assessments on specified network environments to determine the extent to which information security controls are implemented correctly, operating as intended, and producing the desired outcomes. What You'll Be Doing: Understand terminology and process related to the regulatory control assessment lifecycle. Knowledge and/or experience using an eGRC tool. Provide control consultative support to the business to assist in redesign efforts to improve the control environment and identify opportunities for control improvements with the objective of mitigating risk and improving compliance and operational performance. Conduct comprehensive security control assessments levied against specified network environments and documenting the results, including recommendations for correcting any weaknesses or deficiencies in the controls. Understand concept of Controlled Unclassified Information (CUI) and be familiar with security mechanisms necessary to protect this classification of information. Review and Assess stakeholder security objectives, protection needs and concerns, security requirements, and associated validation methods. Identify and/or assess vulnerabilities and susceptibility to life cycle disruptions, hazards, and threats. Assess a wide array of support of technologies, network devices, hardware, and software. Familiar with compliance frameworks (ISO 27001/27002, NIST 800-171, CMMC) and supplemental guidance documentation. Support continuous monitoring of production systems in accordance with defined security controls. Understand and incorporate lessons learned from internal and external audits across the enterprise's portfolio of assessed network environments. Validate results of control testing conducted by Information System Security Officers (ISSO) in support of annual self-assessment requirements for IT systems within the required testing frequencies as part of the Continuous Monitoring Program. Review artifacts submitted as evidence of control testing results as a part of the self-assessment testing conducted by the ISSOs to validate reported test results. Collaborate with process and control owners through the assessment lifecycle for process documentation updates, testing coordination, remediation of identified deficiencies and advising on internal control enhancements or process changes, as appropriate. Review and assess system changes to determine the level of independent security assessment required in support of system migrations and integration of new tools. Perform reviews of security documentation as needed to ensure content meets the intended requirements and is suitable to determine the security posture and associated risk of an IT system. Support the planning and performance of IT risk-based security audits and projects, risk assessments, and communication to stakeholders. Participate in Security awareness program, train personnel on data security and privacy-related processes and responsibilities as needed. Help support customer security reviews, RFPs and external security and privacy inquiries. Participate in defining, collecting and tracking various Security Metrics. Participate in process improvement initiatives to mature Enterprise business processes in areas including, but not limited to, vulnerability remediation, patch remediation efforts, STIG compliance, and standard OS images. Document new and update existing policies, procedures, standards, and resources. Develop briefings and presentations to demo to fellow team members and/or Executive Leadership. Ability to work efficiently and effectively in a dynamic and fast-paced environment. Determine the clearest and most logical way to present information and instructions for greatest reader comprehension and write and edit technical information accordingly. Facilitate meetings with SMEs to ensure that specialized topics are appropriately addressed, and evidence is collected. What Required Skills You'll Bring: Ability to work independently and possesses a solid understanding of cyber security concepts. Ability to communicate clearly and effectively via written and verbal communication in both formal and informal situations. Ability to clearly communicate complex technical concepts to Information Technology Project Managers, Database Administrators, Application Developers, and Security Compliance Analysts, as well as non-technical POCs such as Business System Owners and Executive Leadership. Ability to adapt to frequent changes in priorities, follow project schedules, meet established deadlines, and proactively communicate risks and issues to the Contractor PM and/or Federal Leads. Ability to adapt to an Agile environment and provide quality, professional deliverables in a short timeframe with little to no guidance. Possess good listening skills and the ability to detect explicit and implicit needs and wants of the client. Demonstrated ability to exercise good judgment, prioritize multiple tasks, and problem solve under pressure of deadlines and resource constraints. Possess strong analytical and critical thinking skills with the ability to apply them in work functions. IT background to accurately assess system changes and categorize them as a major versus minor change. Demonstrates the ability to assess overall risk to an IT system and the data it stores, processes, or transmits, based on the type of IT system changes being implemented. What Desired Skills You'll Bring: Knowledge of IS risk frameworks such as OCTAVE, FAIR, ISACA Risk IT, ISO 27005, NIST 800-30, etc. Knowledge of compliance requirements such as ISO 27001, CMMC, NIST 800-171, NIST 800-53, etc. Possess current or working towards relevant certifications (e.g., CISA, CISM, CRISC, etc.). Bachelor’s Degree, ideally in Computer Engineering, Computer Science, or Information Systems Management or equivalent work experience in the field of IS. Minimum Clearance Required to Start: Not Applicable/None This position is part of our Corporate team. We’re driving the future of the national security and critical infrastructure markets. Our employees work in a close-knit team environment to find new, innovative ways to deliver smart solutions that are used and valued by customers around the world. By combining unique technologies with deep domain expertise across cybersecurity, missile defense, space, connected infrastructure, transportation, smart cities, and more, we're providing tomorrow's solutions today. Salary Range: $100,400.00 - $175,700.00 We value our employees and want our employees to take care of their overall wellbeing, which is why we offer best-in-class benefits such as medical, dental, vision, paid time off, Employee Stock Ownership Plan (ESOP), 401(k), life insurance, flexible work schedules, and holidays to fit your busy lifestyle! The position may require a COVID vaccination or an approved accommodation/exemption for a disability/medical condition or religious belief as required by customer requirements and some cases federal, state, provincial or local mandates. Parsons is an equal opportunity employer committed to diversity, equity, inclusion, and accessibility in the workplace. Diversity is ingrained in who we are, how we do business, and is one of our company’s core values. Parsons equally employs representation at all job levels for minority, female, disabled, protected veteran and LGBTQ . We truly invest and care about our employee’s wellbeing and provide endless growth opportunities as the sky is the limit, so aim for the stars! Imagine next and join the Parsons quest—APPLY TODAY! Founded in 1944, Parsons Corporation, a digitally enabled solutions provider, is focused on creating the future of the defense, intelligence, and critical infrastructure markets. From Earth to outer space, we deliver tomorrow’s solutions today. Equipped with the capabilities required to take on any defense, intelligence, or critical infrastructure challenge, our agile, innovative, and disruptive approach enables us to deliver solutions at the speed of relevance. Our people are our greatest asset. We strive to be an employer of choice that engages employees in the community and creates rewarding career paths to cultivate a resilient workforce that is ready for the future. For more about Parsons, visit parsons.com and follow us on Facebook, Twitter, LinkedIn, and YouTube.