SOFT's client, located in Richmond, VA is looking for an Info Security Analyst III for a long term contract assignment.  This is a hybrid position.
 

The Security Control Assessor plays an integral role in ensuring that an organization’s information systems are evaluated for security risks and vulnerabilities, aligning with established information security policy and standards. This position involves a thorough examination of security controls, policies, and procedures to identify any weaknesses that could potentially be exploited. By conducting comprehensive assessments, the Security Certification Assessor provides essential insights and recommendations to enhance the security posture of the organization. Their expertise supports the development of strategies to mitigate identified risks, ensuring the protection of sensitive information and the integrity of IT systems. Through their work, the Organization is better equipped to navigate the complex landscape of cybersecurity threats, maintaining compliance with SAFR requirements, and safeguarding assets.

Responsibilities:
• Conduct thorough evaluations of information security controls to identify potential threats and vulnerabilities to the Systems information systems.
o The process includes a detailed review of security controls, policies, and procedures to prioritize risks and recommend enhancements that support organizational security goals
o Reviews data and assists in advising districts on best practices and how to implement the necessary changes to address their business and information security needs.
• Key participant in project development surrounding new processes and the integrating of new processes with existing ones. Assists in developing communications of these changes to impacted clients and other resources.

Hours of Work:
May require extended work hours. The ideal candidate will work a hybrid schedule and be in an office two days a week. Occasional travel including overnight stays may be necessary.

Required Qualifications:
• Bachelor’s degree in computer science, Information Security, or equivalent experience with 3 to 5+ years of relevant work experience
• Proven experience with conducting security assessments
• Knowledge of compliance frameworks and continuous authorization processes. Prefer NIST SP800-37, SP800-53/53a.
• Excellent communication skills and the ability to work collaboratively.
• Reviewing data and advising customers on SAFR requirements and best practices
• Building strong collaboration and negotiation relationships
• Poses creativity, attention to detail
• Understands and applies the risk management discipline in decision making and contributes to the functional area’s risk management

Preferred Qualifications:
• Certifications such as CISSP, CISA, CISM.
• Experience in a policy and assurance or quasi-governmental environment
• Familiarity with cloud service providers and associated security challenges
• Knowledge of SAFR lifecycle compliance and testing
• The candidate must possess skills that include experience with:
o Reviewing data and advising customers on SAFR requirements and best practices
o Building strong interpersonal collaboration, negotiation, creativity, attention to detail, and communication relationships   

Contracting Details

These are contracting opportunities. The duration is until 9/26/2025, then at that time they will determine if it will extend, and how long. Typical contracts go for 18-24 months in duration. It is 40 hours billable per week. Does not come with covered benefits or paid vacation days, but this one is paying in the range of $50/hr to $66/hr on W2.