Senior Information Security Analyst
Job Description
This role provides information security leadership in support of EPA initiatives within a hybrid Washington, DC area environment, with emphasis on RMF and NIST based program development and governance.
Responsibilities
- Provide guidance to senior stakeholders on information security initiatives spanning compliance, security awareness and training, and security operations.
- Lead Independent Verification and Validation activities for security authorization packages and ATOs to ensure alignment with agency requirements.
- Leverage a Governance, Risk, and Compliance tool such as Telos Xacta, CSAM, or RSA Archer to consolidate findings from assessments, audits, and vulnerability scans.
- Coordinate government data calls (FISMA, FMFIA, BDR) and compile monthly reporting.
- Evaluate the effectiveness of the information security and privacy training program and drive collection, analysis, and presentation of enterprise‑level security performance metrics.
- Oversee the InfoSec Program POA&Ms, including advising on remediation activities.
- Collaborate with senior agency security officials, system owners, ISSOs, and other stakeholders to advise and implement security solutions.
- Identify opportunities to improve work processes and introduce innovative approaches to service delivery.
- Engage in team problem solving and contribute ideas to resolve client challenges.
- Conduct targeted research and data analysis and develop supporting reports.
- Assist in drafting policies and procedures to support information security programs.
- Implement processes to monitor risk across programs and projects.
- Prepare executive briefings summarizing study results, analyses, and plans.
- Support client leadership in reviewing monthly progress, documenting issues, and tracking resolutions.
Requirements
- Ability to obtain a Public Trust.
- Bachelor's degree in information technology or related field plus 8 years of relevant IA experience; a security certification (for example, CISSP) may substitute for up to 2 years.
- More than 3 years in a leadership role.
- Strong data analysis skills.
- Excellent written and verbal communication skills.
- In-depth knowledge of applying, selecting and testing the NIST 800-53 Rev 4 security controls.
- In-depth knowledge of NIST 800-37 Risk Management Framework.
- Experience with a Governance, Risk and Compliance tool (e.g., Xacta, RSA Archer, CSAM or eMASS).
- Excellent attention to detail.
- Ability to handle and prioritize multiple tasks and deadlines.
Technologies
- Microsoft Copilot
- Telos Xacta
- CSAM
- RSA Archer
- eMASS
Location
Washington, DC hybrid
Compensation
Salary: USD 105,000 - 115,000 per year