Vistronix is actively seeking a Senior IT Risk Management Analyst to join our team. The selected candidate will support a government client in Fort Collins, CO as a key member of a program support team for an enterprise-level software development initiative.
Would you like to be part of a dynamic team of dedicated software professionals? Are you concerned about protecting our Nation’s natural resources? We need people who are committed to action. People who want to apply their education and experience to make sure that all of us enjoy the benefits of productive soil, clean water, clean air, and abundant wildlife that come from a healthy environment.
Natural resource conservation is an effort of Federal and State agencies, universities, and professional societies to deliver science-based information to land owners. Join us to build the technology to help people understand, preserve and increase the productivity of our natural resources.
This position requires knowledge of effective and efficient management of IT risk and controls, to ensure that regulatory and compliance requirements are met throughout the Software Development Life Cycle (SDLC). The candidate will be responsible for:
- Developing and nurturing trusted relationships with the IT Project Managers who are responsible for NRCS applications
- Performing interviews, walkthroughs and risk assessments for key controls on new and existing applications throughout the SDLC to ensure that IT regulatory requirements are being effectively met (i.e., designed, tested and deployed)
- Ensuring that existing controls are accurately documented in procedures and Application Security Profiles (ASPs), with current evidence of effective operation
- Designing sustainable strategies and measurement systems to ensure that compliance requirements can continue to be maintained over time
- Documenting Privacy Impact Assessments (PIAs) for web applications
- Cultivating respect and trust from Security, Privacy, and Compliance team members with regards to compliance strategies and remediation of findings
- Formulating pragmatic process remediation and implementation strategies, defining milestones and submitting assessment findings and recommendations
- Conducting periodic interim risk assessments with IT Project Managers
- Understanding the broad regulatory landscape affecting IT Security and Privacy and remaining current with emerging regulatory requirements (e.g., Revision 4 of NIST SP 800-53) as well as the current solution trends in the marketplace
Qualifications:
Education and Experience:
- Bachelor’s degree (computer science and/or finance-related), MS/MBA preferred
- 10+ years of business related experience
- 8+ years in Technology Risk, IT Audit, and/or Information Security, including the assessment of applications against regulatory requirements, for new software development projects and existing applications that are in the maintenance phase of their lifecycle
- 8+ years of demonstrated hands-on development of application software and/or database administration
- 5+ years of project management experience for software development projects
- Must have active Certified Information Systems Security Professional (CISSP), Certified Information Security Management (CISM) certifications, and/or Certified Information Systems Auditor (CISA) certification(s), with CIPP/G also desired
Required Skills and Competencies:
- Strong communication, interpersonal and organizational skills, including the ability to write in clear, concise language
- Practical knowledge in the management of IT-related projects
- Familiarity with government systems and operations – prior government work experience (contractor or federal) preferred
- Understanding of application of security controls as defined in NIST SP 800-53
- Proficiency with privacy requirements (i.e., the Privacy Act of 1974)
- Actual experience with all phases of Software Development Life Cycle (SDLC)
- Ability to multi-task, work both independently and as part of a team in a dynamic, fast-paced work environment
- Proficiency with MS Office Suite, including Word, Excel and PowerPoint
- Experience with using MS Project and VISIO
Desired Skills:
- Experience with enterprise-level IT Risk Management and/or IT Audit functions
- Able to apply sound judgment, pragmatic thinking and tact in complex projects
- Demonstrated ability to educate executives and IT professionals regarding technology and IT regulatory requirements (including risk remediation options) in the context of large and complex projects
- Excellent communicator with strong client relationship focus when working with IT Project Managers, enterprise architects, and information security engineers to articulate options to mitigate risk
- Exceptional advisory and consulting skills in technology risk and control matters
- Active Project Management Professional (PMP) certification preferred
Successful candidate is subject to a background investigation by the government and must be able to meet the requirements to hold a position of Public Trust.
Vistronix staff members enjoy a collaborative work environment. We recognize our staff for their contributions to the team’s success as well as individual professional