Cybersecurity Assessment and Authorization Analyst

The Cybersecurity Assessment and Authorization Analyst provides support to the Department of Health and Human Services, Indian Health Service (IHS). This position is responsible for executing and assisting in the completion of security certifications and for providing support in the development and implementation of a program to manage all aspects of compliance with government regulations Chickasaw Nation Industries, Inc. serves as a holding company with multiple subsidiaries engaged in several lines of business (Technology, Infrastructure & Engineering, Health, Manufacturing, Public Safety, Consulting, and Transportation) for the federal government and commercial enterprises. A portion of our profits is used to support Chickasaw citizens. We are proud to support the economic development and long-term viability of the Chickasaw Nation and its people. CNI offers premium benefits eligible on the first day of hire to full time employees; (Medical - Dental - Vision), Company Life Insurance, Short-Term and Long-Term Disability Insurance, 401(K) Immediate Vesting, Professional Development Assistance, Legal Aid Assistance Program, Family Planning / Fertility Assistance, Personal Time Off, and Observance of Federal Holidays. As a federal contractor, CNI is a drug-free workplace and adheres to the Federal Controlled Substance Act. Essential Requirements

CAP, CISSP, CISM, CISA, SANS

GIAC, Security+, Network+, Linux+, MCSE, CCNA or SSCP certifications preferred. In depth knowledge of

NIST SP 800

series and FedRAMP guidance and standards. Highly organized with ability to effectively manage multiple projects and priorities. Ability to work in a fast-paced environment and to learn and apply new knowledge and techniques related to incident response and continuous monitoring capabilities. Ability to effectively work both independently and in a team environment for the successful achievement of goals. Excellent verbal and written communications skills with ability to prepare quality reports and effectively communicate / interact with a wide variety of technical and non-technical audiences (i.e., customers, team members, management, and federal staff). Excellent critical thinking skills with ability to identify, analyze and resolve problems / complex issues. Working knowledge and understanding of OMB, FISMA, FIPS, HIPPA and other federal regulations and requirements associated with Information Security. Knowledgeable of security-related processes with respect to Federal risk and compliance regulations best practices. Ability to read, analyze, and interpret common information systems security documents. Expert computer skills with advanced proficiency in a Windows and Linux based computer environment.

ESSENTIAL DUTIES AND RESPONSIBILITIES

Essential duties and responsibilities include the following. Other duties may be assigned. Conducts annual security controls effectiveness testing. Documents findings and advises and monitors remediation efforts on all systems in accordance with established policy and procedures. Conducts significant research, evaluation, recommendation, and documentation development such as security assessment reports, methodologies, briefings, and presentations. Conducts information security audits/risk assessments on customer systems and network and documents in accordance with NIST, Risk Management Guide for Information Technology Systems. Annually reviews and updates the security and contingency plan for each system in conjunction with security audits and makes recommendations to address deficiencies. Assists system owners in developing security authorization packages that are fully compliant with National Institute of Standards and Technology (NIST) guidelines and organizational defined standards. Evaluates the implementation of security controls as required by NIST. Prepares security authorization packages using approved customer templates. Assists in meeting mandates, directives, reporting, and other security-related processes with respect to Federal regulations such as FISMA; Health Insurance Portability and Accountability Act (HIPAA); Office of Management and Budget (OMB) mandates; Homeland Security Presidential Directives (HSPD); Federal Information Processing Standards (FIPS) and NIST guidance implementation, oversight, and compliance. Reviews and updates risk assessments when significant changes occur to systems/network. Ensures customer information and information systems are adequately protected from unauthorized access, use, disclosure, disruption, modification, or destruction. Briefs and provides documented results to staff. Briefs include, at a minimum, areas of conformance to directives, corrective recommendations for deficiencies, and POA&M explanations to correct deficiencies. Analyzes major IT systems, from a security perspective, during the initial phases of system development and throughout the systems development lifecycle. Reviews standard security configurations to assure compliance with federal directives and industry best practices.

EDUCATION/EXPERIENCE

Bachelor's degree in Computer Science or a related field of study and a minimum of eight (8) years' relevant experience, or equivalent combination of education / experience. Must have at least eight years (8) of information security experience and with at least four (4) years of certification and accreditation (C&A) compliance / Security Assurance (SA) experience (NIST based).

PHYSICAL DEMANDS

The physical demands described here are representative of those that must be met by an employee to perform successfully the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this job. Work is primarily performed in an office environment. Regularly required to sit. Regularly required use hands to finger, handle, or feel, reach with hands and arms to handle objects and operate tools, computer, and/or controls. Required to speak and hear. Occasionally required to stand, walk and stoop, kneel, crouch, or crawl. Must frequently lift and/or move up to 10 pounds and occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision, distance vision, depth perception, and ability to adjust focus. Exposed to general office noise with computers printers and light traffic. The estimated pay range for this role is $70,000 to $80,000, with the final offer contingent on location, skillset, and experience. CNI offers a comprehensive benefits package that includes: Medical Dental Vision 401(k) Family Planning/Fertility Assistance STD/LTD/Basic Life/AD&D Legal-Aid Program Employee Assistance Program (EAP) Paid Time Off (PTO) Training and Development Opportunities #

INDREMOTE

Chickasaw Nation Industries, Inc. (CNI) is a federally chartered corporation wholly owned by the Chickasaw Nation. Headquartered in Norman, Oklahoma, CNI serves as a holding company with multiple subsidiaries that operate as Limited Liability Companies (LLCs) engaged in several lines of business including Civilian, Defense, Filtration, Network Services, and Research, Development, Test and Evaluation. CNI supports a diverse culture that offers innovative approaches and customer-centered services. When you do business with us, you gain efficient and cost-effective solutions that help safeguard the environment, protect and secure key assets, and connect resources to needs. We are proud to support the economic development of the Chickasaw Nation and to contribute to the tribal mission of enhancing the overall quality of life of the Chickasaw people. A portion of our profits is used to support Chickasaw citizens through a multitude of programs and services such as education, health care, nutrition services, housing programs, legal services, elder and child care and community support programs. Successful economic development is an integral part of the Chickasaw Nation's operations.