Process Improvement Consultant
Company | Guidehouse |
---|---|
Location | Chantilly, VA, USA; McLean, VA, USA |
Salary | Not Provided |
Type | Full-Time |
Degrees | Bachelor’s |
Experience Level | Entry Level/New Grad, Junior |
Requirements
- An ACTIVE and CURRENT TOP SECRET/SCI federal security clearance with a Counterintelligence (CI) polygraph
- Bachelor’s Degree
- ONE (1) or more years’ experience in information technology, cybersecurity, and/or information assurance
Responsibilities
- Performing assessments of IT controls using industry-standard guidance and leading best practices
- Conducting interviews and discussions with a variety of client stakeholders, including IT system personnel such as Information System Security Officers (ISSOs) and system administrators
- Reviewing and analyzing documents and artifacts to assist in IT controls testing such as system security plans, SOPs, audit logs, configuration scans, and vulnerability scans
- Evaluating the implementation and effectiveness of IT controls using provided artifacts against federal requirements, industry guidance, and leading best practices
- Documenting the results of IT controls testing in a consistent and high-quality manner that would allow others to review and understand the results
- Summarizing and communicating IT controls assessment results to a variety of client stakeholders, including senior leadership
- Working with a team to understand and analyze IT control weaknesses, identify root causes, and develop remediation plans
- Providing assistance to client personnel on a wide range of matters relating to IT security and assurance
- Responding to ad-hoc IT security-related requests from client personnel
Preferred Qualifications
- Experience supporting the Federal government including Intel Community or DoD
- Demonstrated knowledge and experience in IT risk and controls through one or more of the following: IT audits, IT controls assessments, or IT security reviews
- Relevant certification such as the Certified Information Systems Auditor (CISA) or Certified Information Security Manager (CISM)
- Demonstrated ability and working knowledge of FISMA, NIST SP 800 series, FISCAM, and other relevant federal information assurance laws, regulations, and guidance
- Experience performing FISMA, OMB Circular A-123, or similar internal control assessments
- Knowledge of access and account management principles, including authorization, provisioning, recertification, and separation of duties
- Knowledge of contingency planning principles, including backups, testing of backups, and alternate processing sites
- Knowledge of configuration management principles, including configuration baseline concepts, baseline deviations, baseline maintenance, change control, and monitoring, as well as industry-accepted configuration settings such as DISA STIGs