The Information Security Analyst is part of the Granicus Security team to ensure cohesive awareness of risk and our risk reduction capabilities, as well as easily collaborate with other departments who support our Security Program. Owns delivery of assigned security compliance projects in support of ongoing compliance programs. Assist team with other security and/or privacy compliance projects as assigned. Services should be performed in accordance with professional and department standards. Responsibilities include assessing the current adequacy of security strategy and controls for assigned systems, calculating the impact of potential adverse events, and facilitating risk mitigation planning and review sessions. This role assists with internal and third-party risk assessments.

What You'll Do:

• Develop and support maintenance of System Security Plans (SSP) and related security documentation for internal systems
• Prepare for, participate in, and support security certification and NIST-800-53 based compliance audits (FISMA, FedRAMP, 800-171, CMMC, etc.)
• Gather or coordinate the collection of necessary evidence
• Conduct NIST SP 800-53A assessments on internal systems through personnel interviews and documentation review, determine compliance with policies and procedures, recommend corrective actions, and prepare findings reports
• Create POA&Ms and tracks associated mitigation
• Review and process monthly vulnerability scan results for assigned systems and work with the technical teams to ensure vulnerabilities are resolved on time
• Track SLAs on audit and continuous monitoring findings
• Self-manage assigned projects, report status, issues and recommendations for success

Who You Are:

• You have a bachelor's degree preferably in a Computer Networks and Cybersecurity or Computer Science (or equivalent)
• You have worked 3+ years with information security governance, compliance, and/ or auditing with at least 2 years direct and/ or related experience assessing information systems following NIST Special Publications e.g. NIST 800-37, 800-53, 800-137, etc.
• You are familiar with a variety of the IT technologies, architecture, concepts, best practices, and procedures, information security principles, standards, tools, and methodologies
• You are familiar with assessing commercial cloud environments
• You have strong "accountant-like" mindset and attention to detail, ability to interface with all levels of personnel (system administrators, ISSO, Developers, etc.)
• You have proven problem solving and analytical abilities with the ability to prioritizing large amounts data
• You can effectively handle ambiguous, dynamic tasks and have the ability to switch focus in response to events and circumstances
• You can contribute and/or author deliverables e.g. System Security Plan (SSP), Security Assessment Report (SAR), Plan or Actions and Milestones (POA&M), and Security Impact Analysis (SIA)
• You are results oriented with the ability to self-manage and work independently 
• You have strong experience in Microsoft Word, Excel, and PowerPoint

Desired Characteristics:

• At least one of the following certifications: Security+, CAP, CISA, CISM, CISSP
• Understands and prioritizes work according to time and resource constraints
• Comfortable with presenting work to small audiences (10-20 people)
• Has strong presentation, verbal and written communication skills
• Able to operate effectively independently and in teams, making progress on tasks while dealing with potential process and project ambiguity
• Understands risk management concepts
• Maintains excellent organizational, planning, and time management skills
• Ability to work within and coordinate with other agile-based teams
• Experience with JIRA and Confluence is strongly desired
• Working knowledge and ability to submit non-complex database queries
• Experience with FedRAMP

Granicus is committed to providing equal employment opportunities. All qualified applicants and employees will be considered for employment and advancement without regard to race, color, religion, creed, national origin, ancestry, sex, gender, gender identity, gender expression, physical or mental disability, age, genetic information, sexual or affectional orientation, marital status, status with regard to public assistance, familial status, military or veteran status or any other status protected by applicable law.