Core Values: As an organization, AAMVA believes core values are critical to individual success and effectiveness. Every individual will exhibit behaviors consistent with the following core values:
- Integrity and honesty in every interaction.
- Full accountability for individual behaviors.
- Customer service that is professional, responsive and positive.
- Innovation, collaboration and creativity in planning and problem solving.
AAMVA s Security team is looking for a capable, system security analyst, who enjoys security work and possesses expertise in information security, privacy and business continuity. The security analyst plays a key role in protecting AAMVA s systems and information assets by being an active contributor to AAMVA s governance, risk management and compliance efforts. As such, the analyst develops and maintains security documentation, presentations, architecture diagrams, and relevant risk management artifacts. The analyst reviews and monitors relevant compliance requirements originating from NIST, States and Federal agencies working with AAMVA, or any of AAMVA s commercial partners. The analyst will assist with the coordination of many security activities, including audits. The security analyst must be detailed oriented, well organized, and able to produce high quality deliverables. The analyst must be self-starter with equal affinity for team work and autonomous work.
Essential Duties and Responsibilities:
- Develop and maintain key security, privacy and business continuity artifacts and documents supporting a formal security certification and accreditation process based on the FISMA and the NIST guidelines
- Review security standards, policies, guidelines, originating from NIST, States and Federal agencies working with AAMVA, or any of AAMVA s commercial partners, for applicability and impact to AAMVA systems
- Develop and maintain AAMVA security policies, standards and procedures in response to AAMVA compliance requirements
- Assist with the review and drafting of contracts and agreements
- Support internal security compliance audit, and assist/support external audits
- Review security information events and assist with analysis as required
- Participate in an on-call rotation schedule
Direct Reports to this Position:
- Security and/or privacy certifications such as CISSP, CISM, CISA, CIPP or equivalent are highly encouraged
- Bachelor s degree with four to six years of experience in information security
- College level courses and/or equivalent work experience may be substituted
Knowledge, Skills and Abilities Required:
- Excellent verbal and written communication skills
- Excellent inter-personal skills; ability to interact with all layers of personnel
- Fully proficient with the Microsoft Office products, including Visio (able to produce high quality, complex documents)
- Fully proficient in the development and maintenance of security documentation, such as System Security Plans, Security Assessment Reports, Plan of Actions and Milestones, Privacy Policies and others
- General working knowledge in technical areas including Windows OS, networking, and database
- Problem solving skills, autonomy, self-driven and ability to work under pressure
- Knowledge of FISMA and the NIST publications
- Ability to adapt quickly to new technologies and changing business requirements
- Flexible schedule allowing to work outside of standard business hours when necessary
- United States citizenship required.
- Candidate must have, or qualify for, a Public Trust clearance
- Limited travel may be required.
Associated topics: cybersecurity, forensic, identity access management, idm, information technology security, leak, malicious, security, security engineer, violation