Policy Analyst / Training Specialist
The Policy Analyst / Training Specialist provides analysis of client data, processes, or regulations related to the information security program of the U.S. Department of Health and Human Services (HHS) Indian Health Service (IHS). This position helps to develop processes and policies based on customer business needs and best security practices across the organization. Additionally, this position participates in the design and implementation of all security awareness and training activities.
ESSENTIAL DUTIES AND RESPONSIBILITIES
Essential duties and responsibilities include the following. Other duties may be assigned.
Providing expertise concerning federal regulations such as FISMA, HIPAA, OMB, HSPD, FIPS, and NIST, as well as industry best practices and HHS and Agency directives and guidance, and translating such requirements into Agency-specific governance. Keeping Agency policies and procedures up to date with ever-changing cybersecurity regulatory requirements for federal and healthcare entities.
Designing, developing, and conducting trainings and outreach materials that enhance security awareness and aid in improving secure end-user behaviors.
Providing coordination and guidance in the development of web applications and tools, gathering requirements, project planning, documenting project lifecycles, testing and evaluating product performance, and ensuring acceptance of deliverables.
Managing web applications, developing application documentation, and providing user support and troubleshooting.
Responsible for the integration of CNI Core Competencies into daily functions, including: commitment to integrity, knowledge / quality of work, supporting financial goals of the company, initiative / motivation, cooperation / relationships, problem analysis / discretion, accomplishing goals through organization, positive oral / written communication skills, leadership abilities, commitment to Affirmative Action, reliability / dependability, flexibility and ownership / accountability of actions taken.
Monitors, analyzes and responds to IT security threats and events. Provides support for security and privacy incident and event handling, management, mitigation, forensic analysis, recommendation, testing, and reporting functions as related to incident response.
Works as part of an IHS Security “hotline” team to provide IHS users with the ability to contact security staff about suspected security problems. Answers, tracks, assesses and responds to reported security incidents. Escalates unresolved issues, when necessary or required.
Accesses and interacts with front-end security systems user interfaces (i.e., Tenable Security Center, SolarWinds, intrusion detection systems, security-monitoring systems, ticketing systems and web proxy systems).
Utilizes industry standard ticketing system for tracking, responding and closing out resolved security incidences. Helps to complete close out reports, corrective actions and lessons learned for each incident.
Coordinates efforts with fellow team members for effective and efficient resolution of security threats and events. Helps to accelerate the efforts of the IHS security team by providing responsive and reliable assistance to improve the security of IHS computer systems and networks.
Produces applicable metrics and statistical data analysis for decision-making use by management.
Conducts cyber intelligence gathering and reporting. Enhances security documentation production and reporting capabilities. Creates related reports, and conducts continuous monitoring related to reported incidents.
Assists in meeting mandates, directives, reporting and other security-related processes with respect to Federal regulations, such as: Federal Information Security Management Act (FISMA); Health Insurance Portability and Accounting Act (HIPAA); Office of Management and Budget (OMB) mandates; Homeland Security Presidential Directives (HSPD); Federal Information Processing Standards (FIPS); National Institute of Standards and Technology (NIST) guidance implementation; oversight and compliance; HHS and Agency directives, guidance and reporting requirements; as well as, industry “best practices and guidance.”
Responsible for aiding in own self-development by being available and receptive to any training made available by the company.
Plans daily activities within the guidelines of company policy, job description and supervisor's instruction in such a way as to maximize output.
Responsible for keeping own immediate work area in a neat and orderly condition to ensure safety of self and coworkers. Will report any unsafe conditions and/or practices to the appropriate supervisor and Human Resources. Will immediately correct any unsafe conditions as the best of own ability.
EDUCATION / EXPERIENCE
Bachelor’s degree in Information Technology, Computer Science or a related field of study and a minimum of two (2) years’ relevant experience in security incident / breach response methodologies, forensic analysis, and the use of intrusion detection systems and network security products; or equivalent combination of education / experience.
CERTIFICATES / LICENSES / REGISTRATION
Must be able to obtain required government security clearance
Basic computer certification preferred (i.e., CompTIA, Microsoft, Cisco, etc.)
JOB SPECIFIC KNOWLEDGE / SKILLS / ABILITIES
Specialized knowledge and advanced skills in the tools, concepts, practices and procedures of security incident management, threat intelligence and continuous monitoring
Expert computer skills with advanced proficiency in a Windows and Linux based computer environment
Knowledgeable of security-related processes with respect to Federal regulations, as well as NIST 800-53 terminology and best practices
Excellent critical thinking skills with ability to identify, analyze and resolve problems / complex issues
Excellent verbal and written communications skills with ability to write statistical reports and effectively communicate / interact with a wide variety of technical and non-technical audiences (i.e., customers, team members, management and federal staff)
Exceptional customer service skills with ability to respond to requests in a professional, helpful and timely manner
Highly organized with ability to manage effectively multiple projects and priorities
Detail-oriented with ability to log accurately incident tickets in a ticketing software system
Ability to work in a fast-paced environment and to learn and apply new knowledge and techniques related to incident response and continuous monitoring capabilities
Ability to work effectively both independently and in a team environment for the successful achievement of goals
Ability to read, analyze, and interpret general business periodicals, professional journals, technical procedures, or governmental regulations. Ability to write reports, business correspondence, and procedure manuals. Ability to effectively present information and respond to questions from team, customer and federal staff.
Ability to add, subtract, multiply, and divide in all units of measure, using whole numbers, common fractions, and decimals. Ability to compute rate, ratio, and percent and to draw and interpret bar graphs.
Ability to solve practical problems and deal with a variety of concrete variables in situations where only limited standardization exists. Ability to interpret a variety of instructions furnished in written, oral, diagram, or schedule form.
The physical demands described here are representative of those that must be met by an employee to perform successfully the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this job. Work is primarily performed in an office environment. Regularly required to sit. Regularly required use hands to finger, handle, or feel, reach with hands and arms to handle objects and operate tools, computer, and/or controls. Required to speak and hear. Occasionally required to stand, walk and stoop, kneel, crouch, or crawl. Must frequently lift and/or move up to 10 pounds and occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision, distance vision, depth perception, and ability to adjust focus. Exposed to general office noise with computers printers and light traffic.