Information Assurance Specialist
Location: Morgantown, WV
Duties to be performed on the job:
- Provide cyber security audits and compliance reviews
- Compile information to respond to cyber security related data calls
- Develop and document policies and procedures
- Ensure adherence to policy
- Develop, test, maintain, and provide training on contingency plans, including disaster recovery plans
- Ensure that system security plans are developed
- Ensure that the appropriate operational and security posture is maintained for IT systems and applications
- Inform CSPM of changes to IT systems or applications that might affect its accreditation
- Ensure the performance of risk assessments
- Serve as a liaison to CHRIS to ensure ongoing compliance with all cyber security requirements
- Ensure the definition, documentation, approval, and maintenance of standard baselines and procedures for the secure configuration of NETL IT systems.
- Conduct and/or coordinate cyber security training for NETL staff
- Investigate, document, and report incidents of waste, fraud, and abuse of IT resources
The Information Assurance function will coordinate periodic audits of selected systems and their supporting processes. Typically, audits will begin with a preliminary risk assessment to determine or verify the risk category of the information system. The risk category will be used to develop or verify the set of security control requirements. The final step will be to evaluate the existence and effectiveness of all required controls. Any weaknesses will be remediated and verified. The NETL Plan of Action and Milestones (POAM) process will be used to track issues that cannot be handled in a pre-defined timeframe.
The audits will require participation from system owners and custodians, and will often include technical testing and evaluation provided by cyber security operations. Information Assurance will coordinate this cross-functional participation and will be responsible for determining any remediation actions that are required.
- Minimum of 1-2 years of technical experience with Information/Cyber Security.
- Working knowledge of popular computer operating systems, network technologies and application technologies.
- Good team player – able to coordinate across and within teams and assist with various types of projects.
- Strong communication, organizational and analytical skills.
- Ability to multi-task, analyze, and interpret vulnerability data as well as identify related issues and recommend solutions.
- Creativity for improving the current policy and procedures.
- Bachelor’s degree in Computer Science, Engineering, Information Security or related field or equivalent experience.
- Certification, such as CISA, CISM, CISSP etc., in Information/Cyber Security field is preferred.
- Must be U.S. Citizen.