IT Security Analyst

Position Summary:

AAMVA operates complex IT systems which support the real time information exchange required for the issuance of driver licenses, vehicle titling, and document verifications. The IT Security Analyst is responsible for documenting, maintaining, and monitoring security policies, standards, and procedures in accordance with Federal Information Security Management Act (FISMA) and SOC 2 Type II compliance regulations. Additionally, the IT Security Analyst will coordinate and lead AAMVA s FedRAMP compliance efforts and ensure the completion of FedRAMP required documents based on NIST 800-53 rev 5 FedRAMP Mod controls.

The position requires a talented individual with a blend of skills including leadership, technical, project management, and communication, both written and oral. The IT Security Analyst will join AAMVA Security team and report to the Manager of Governance, Risk and Compliance.

Essential Duties and Responsibilities:

• Operate with a high degree of independence and self-leadership regarding the management of the AAMVA s compliance activities and associated risk activities.
• Establish guidelines for the development and maintenance of security documentation against SOC 2 Type II and NIST/FedRAMP standards.
• Facilitate cross collaborative discussions with IT teams to assess and validate control design and implementation details.
• Document and maintain effective and practical policies and procedures to secure sensitive data, and ensure compliance with relevant control objectives, legislation, and other contractual obligations.
• Recommend programmatic and technical directions to continuously enhance the maturity of AAMVA s security controls.
• Internally assess, evaluate, and make recommendations to Management regarding the adequacy of the security controls and the level of compliance for AAMVA s information systems.
• Support the CISO in strengthening the organization-wide information security compliance program.
• Interacts in both oral and written communications with all levels of staff including technical staff, contract, finance, human resources, senior management, legal, and external auditors.
• Develop comprehensive remediation briefings outlining security gaps/deficiencies identified in audit findings (IT Financial Audit, SOC 2 Type II Audit, FedRAMP Assessment)
• Perform other duties as assigned to maintain the reputation of the organization as a viable business partner.

Direct Reports:

None

QUALIFICATIONS

Formal Education:

• Bachelor s degree with six to eight years of experience in information security, or IT operations
• College level courses and/or equivalent work experience may be substituted
• Security or auditor certifications are a definitive plus (such as CISA, CISM, CCSP)

Knowledge, Skills and Abilities Required:

• Strong working knowledge of FedRAMP requirements, processes, and controls.
• Strong project management or project coordination experience (ex: defining project scope, implementing project timelines and milestones, driving deliverables, identifying risks, gaps, and deficiencies with organization processes).
• Excellent Interpersonal and communication skills
• Strong understanding of cloud security principles and best practices (e.g. Microsoft Azure)
• Experience developing and maintaining Corrective Action Plans and Standard Operating Procedures
• Proficient in MS Office (Word, Excel, and PowerPoint) and SharePoint
• Strong attention to detail; ability to multitask and prioritize workload and meet deadlines.
• Solid experience with compliance frameworks supporting FISMA/NIST, SOC2, and PCI.
• Detailed oriented
• Ability to adapt quickly to new technologies and changing regulatory landscape
• United States citizenship required.

Disclaimer Statement: The preceding job description has been written to reflect management s assignment of essential functions. It does not prescribe or restrict the tasks that may be assigned.

AAMVA is an Equal Opportunity Employer/Veterans/Disabled