Security Analyst

Position Summary:

AAMVA operates complex IT systems which support the real time information exchange required for the issuance of driver licenses, vehicle titling, and document verifications. The IT Security Analyst will be instrumental in the migration effort of our systems from NIST 800-53 rev 4 to NIST 800-53 rev 5 framework. This role will lead AAMVA’s compliance initiatives, ensuring the development, maintenance, and monitoring of security policies and procedures in accordance with Federal Information Security Management Act (FISMA) and SOC 2 Type II regulations. The IT Security Analyst will work closely with the Governance, Risk, and Compliance manager and Chief Information Security Officer to evaluate security controls, conduct gap analysis, and complete required documentation based on NIST 800-53 rev 5 FedRAMP Mod compliance.

The position requires a talented individual with a blend of skills including leadership, technical, project management, and communication, both written and oral. The IT Security Analyst will join AAMVA’s Security team and report to the Chief Information Security Officer.

Essential Duties and Responsibilities:

• Lead efforts in the preparation for FISMA Rev 5 Assessment, ensuring compliance with regulatory requirements.
• Serve as subject matter expert for FISMA and FedRAMP control frameworks, interpreting control requirements and aligning them with organizational policies and procedures.
• Develop, update, and maintain the System Security Plan (SSP), policies, procedures, and supporting documentation required for compliance.
• Operate with a high degree of independence and self-leadership with regard to the management of the AAMVA’s compliance activities and associated risk activities.
• Establish guidelines for the development and maintenance of security documentation against SOC 2 Type II and FedRAMP standards.
• Collaborate with management and cross functional teams to communicate and administer compliance standards for policies and procedures.
• Facilitate cross collaborative discussions with IT teams to assess and validate control design and implementation details.
• Document and maintain effective and practical policies and procedures to secure sensitive data, and ensure compliance with relevant control objectives, legislation, and other contractual obligations.
• Internally assess, evaluate, and make recommendations to Management regarding the adequacy of the security controls for AAMVA’s information systems.
• Support the CISO in strengthening the organization-wide information security compliance program.
• Interacts in both oral and written communications with all levels of staff including technical staff, contract, finance, human resources, senior management, legal, and external auditors.
• Develop comprehensive remediation briefings outlining security gaps/deficiencies identified in audit findings (IT Financial Audit, SOC 2 Type II Audit, FedRAMP Assessment)
• Provide guidance in the development of appropriate corrective measures to resolve control compliance issues as they arise.
• Perform other duties as assigned to maintain the reputation of the organization as a viable business partner.

Direct Reports:

None

QUALIFICATIONS

Formal Education:

• Bachelor’s degree with six to eight years of experience in information security, or IT operations
• College level courses and/or equivalent work experience may be substituted
• Security or auditor certifications are a definitive plus (such as CISA, CISM, CCSP)

Knowledge, Skills and Abilities Required:

• Strong knowledge and understanding of NIST SP 800-53 Rev 5, FedRAMP baseline requirements, processes, and controls.
• Experience preparing for and supporting security assessments (FISMA, FedRAMP or similar).
• Strong understanding of security control implementation across areas such as access control, configuration management, incident response, data protection, and system and information integrity.
• Strong project management or project coordination experience (ex: defining project scope, implementing project timelines and milestones, driving deliverables, identifying risks, gaps, and deficiencies with organization processes).
• Excellent Interpersonal and communication skills
• Strong understanding of cloud security principles and best practices (e.g. Microsoft Azure)
• Experience developing and maintaining Corrective Action Plans and Standard Operating Procedures
• Proficient in MS Office (Word, Excel, and PowerPoint) and SharePoint
• Strong attention to detail; ability to multitask and prioritize workload and meet deadlines.
• Solid experience with compliance frameworks supporting FISMA/NIST, SOC2, and PCI.
• Detailed oriented
• Ability to adapt quickly to new technologies and changing regulatory landscape
• United States citizenship required.

Disclaimer Statement: The preceding job description has been written to reflect management’s assignment of essential functions. It does not prescribe or restrict the tasks that may be assigned.

AAMVA is an Equal Opportunity Employer/Veterans/Disabled