Security Analyst

Grant Thornton LLP Alexandria, VA 22313

Posted Yesterday

Grant Thornton is seeking a Senior Associate to join its Risk Advisory service line and take an active role in engagement execution, project management and key business development activities.

Grant Thornton Public Sector helps executives and managers at all levels of government maximize their performance and efficiency in the face of ever tightening budgets and increased demand for services. We give clients creative, cost-effective solutions that enhance their acquisition, financial, human capital, information technology, data analytics, and performance management. For more information, visit grantthornton.com/publicsector.

At Grant Thornton, our professional staff applies traditional, cutting-edge approaches and methods to a variety of analyses. As part of our team, the Senior Associate will utilize various methodologies and models to execute client projects.

ESSENTIAL DUTIES:

  • Creation of system security plans to include content and development of control implementation description responses.

  • Mapping of NIST security controls via the SP800-53 series to systems under FISMA or FedRAMP requirements.

  • Creation of the FIPS-199 content for the categorization of systems under FISMA and FedRAMP requirements.

  • Support to billable projects and clients for security compliance planning and documentation.

  • Creation of evidence and artifact repositories for system security plans tracking to applicable security controls.

  • Planning and leading system security plan approaches for development of Authorization to Operate (ATO) packages.

  • Collaboration with security engineers and architects to ensure all controls are met through the design and build process.

  • Collaboration with systems engineers and architects for adjustments to design build activities to meet security controls and standards.

  • Support to security architect activity to meet security controls objectives.

  • Participation in client projects as a security Subject Matter Expert (SME).

  • Participation in proposal development as a security SME.

  • Meet or exceed targeted billing hours (utilization).

  • Assist with business development activities, such as proposals, capture, account teams, whitepapers, conferences, and/or other thought leadership materials.

  • Preferred Certifications: CISSP, CISM, Security+.

  • Must be familiar with FISMA and FedRAMP with a solid understanding of the NIST Special Publications (SP) and Federal Information Processing Standards (FIPS) series.

  • Must have a basic understanding of information technology, networking, and cloud architectures.

  • Familiar with operating systems and security baselines (e.g. DISA STIG, CIS, USGCB).

  • Must be a US Citizen with the ability to get a secret clearance.

  • Bachelor's Degree required from an accredited college or university in a related field.

  • Ability to obtain and maintain certain job-related certifications if no job-related advanced degrees.

  • U.S. citizenship may be required. Ability to work in the United States indefinitely required.

  • Travel may be required.

  • Ability to work overtime required on occasion.

  • Ability to sit in an office environment for long periods of time.

  • Ability to obtain and maintain a security clearance.

  • Ability to communicate clearly in writing and verbally.

  • Ability to obtain and maintain firm independence and abide by firm ethics requirements.

  • Meet or exceed continuing professional education (CPE) requirements.

Grant Thornton LLP is the U.S. member firm of Grant Thornton International, one of the six global accounting, tax and business advisory organizations. Grant Thornton's Public Sector, based in Alexandria, VA, is a global management consulting business with the mission of providing responsive and innovative financial, performance management and systems solutions to governments and international organizations. Visit Grant Thornton's Public Sector at www.grantthornton.com/publicsector.

It is Grant Thornton's policy to promote equal employment opportunities. All personnel decisions, including, but not limited to, recruiting, hiring, training, promotion, compensation, benefits and termination, are made without regard to race, creed, color, religion, national origin, sex, age, marital status, sexual orientation, gender identity, citizenship status, veteran status, disability, or any other characteristic protected by applicable federal, state, or local law.

