• Information Assurance Assessor - Senior Associate

    Job Locations: US-Washington DC
    ID: 2019-3115
    Category: Client Services
    Type: Regular Full-Time
  • Overview

    What do you get when you bring together the brightest minds and place them into an exciting, fast-paced environment that fosters intellectual growth and rewards based on impact, not tenure?

     

     

    You get one of the fastest growing consulting companies in the United States. While we may be a new name in consultancy, we were born from a storied one. Guidehouse was founded in 2018 as an evolution of PwC Public Sector with a mission to help our clients deliver on their mission; providing bold new strategies that catalyze transformative results across all ends of the enterprise. We embrace brilliance. We embrace independence. Join us.

     

    Responsibilities

    Demonstrates knowledge and experience in IT risk and controls through IT audits, IT control assessments, and IT security reviews. Demonstrates a working knowledge of FISMA, NIST SP 800 series, FISCAM, and other relevant Federal information assurance laws, regulations, and guidance. Experience performing FISMA, OMB Circular A-123, or similar internal control assessments is nice to have. Experience remediating and implementing IT controls is beneficial. Experience testing or remediating some or all of the following IT controls topic areas is preferable:

    -          Access and account management, including authorization, provisioning, recertification, and separation

    -          Segregation of duties, including identifying and defining segregation of duties risks and conflicts, preventive and detective segregation of duties controls, and understanding the difference between segregation of duties and least privilege

    -          Technical account management controls, such as password length, complexity, and expiration

    -          Audit logging and monitoring, including generation of audit logs, use of audit log aggregation and analysis tools, and audit log monitoring and review

    -          Configuration management, including configuration baseline concepts, baseline deviations, baseline maintenance, monitoring for ongoing compliance with a baseline, and industry-accepted baselines such as DISA STIGs and CIS benchmarks

    -          Change management, including authorization, development, testing, and deployment of changes

    -          Contingency planning, including backups, testing of backups, and alternate sites

     

    Qualifications

    Responsibilities include some or all of the following:

    -          Performing rigorous assessments of IT controls using industry-standard guidance and leading practices

    -          Performing walkthrough interviews and maintaining communication with a variety of client stakeholders, including system personnel such as system and database administrators

    -          Requesting, obtaining, reviewing, and analyzing a variety of artifacts to assist in executing IT controls testing such as security plans, SOPs, system screenshots, and system configuration settings

    -          Evaluating the design and operating effectiveness of IT controls using provided artifacts, industry-standard guidance, leading practices, and professional judgement

    -          Professionally documenting the results of IT controls test work in a consistent and high-quality manner that would allow a reviewer to repeat the test and reach the same conclusion

    -          Summarizing and communicating IT controls assessment results to a variety of client stakeholders, including senior leadership personnel

    -          Planning and executing day-to-day activities of IT controls assessments individually and for the team

    -          Working with client personnel to understand and analyze known IT control weaknesses, identify root causes, and develop detailed, robust remediation plans

    -          Providing subject matter expertise to client personnel on all matters relating to IT controls and responding to ad-hoc IT controls requests from client personnel

     

    This role supports client work contractually requiring US Citizenship and a TS/SCI CI Polygraph level Security Clearance.

    Additional Requirements

    • This position requires successful completion of a background check and employment verification.
    • The successful candidate must not be subject to employment restrictions from a former employer (such as a non-compete) that would prevent the candidate from performing the job responsibilities as described.

     

    Disclaimer

    Guidehouse is an affirmative action and equal opportunity employer. Employment decisions will be made without regard to race, color, religion, sex, age, national origin, military status, veteran status, handicap, physical or mental disability, sexual orientation, gender identity, genetic information or other characteristics protected by law.

     

    If you have visited our website for information about employment opportunities, or to apply for a position, and you require an accommodation, please contact Guidehouse Recruiting at 1-571-633-1711 or via email at RecruitingAccommodation@guidehouse.com. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodation.

     

    Guidehouse offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflects our commitment to creating a diverse and supportive workplace.

     

    Benefits include:

    • Medical, Rx, Dental & Vision Insurance
    • Personal and Family Sick Time & Company Paid Holidays
    • Parental Leave and Adoption Assistance
    • 401(k) Retirement Plan
    • Student Loan Paydown
    • Basic Life & Supplemental Life
    • Health Savings Account, Dental/Vision & Dependent Care Flexible Spending Accounts
    • Short-Term & Long-Term Disability
    • Tuition Reimbursement, Personal Development & Learning Opportunities
    • Skills Development & Certifications
    • Employee Referral Program
    • Corporate Sponsored Events & Community Outreach
    • Emergency Back-Up Childcare Program
