DHCF DCAS Security Analyst (Compliance) (635000)

Contract with Government of the District of Columbia
DHCF – 955 L’Enfant Plaza SW, Suite 3500, Washington DC 20024
Position closes 09/22/2020

US Citizens or Green Card Holders Only

Short Description:

The Security Analyst – Compliance will be responsible for ensuring that the DCAS program maintains good standing in all security audits and for cataloging and updating all compliance documentation.

Skills/Required Years of Experience:

16+ yrs BA experience (Required 16 Years)
16+ yrs requirements gathering and documentation (Required 16 Years)
16+ yrs MS Office/PowerPoint experience (Required 16 Years)
IT security experience required (Security Policy and IT Secrutiy Audits etc.) (Required 10 Years)
Experience performing security audit work (Required 10 Years)
Experience conducting FISMA, FISCAM, audits, as well as developing Systems Security Plans (SSP), Privacy Impact Assessments, Contingency Plans and cer (Required 10 Years)
Strong knowledge of NIST Risk Management Framework (Required 7 Years)
Strong knowledge of Security Practices and processes (Required 7 Years)
Strong knowledge of Security Assurance, Controls and Compliance programs within the federal / DC space (Required 7 Years)
Knowledge and understanding of FISMA, NIST and SOC-2 information security standards (Required 7 Years)
Working knowledge of common IT security-related regulations and/or standards such as Sarbanes-Oxley and ISO highly desired (Required 7 Years)
Minimum five years’ experience conducting security control assessments or audits (Required 7 Years)
Minimum two years’ experience developing or managing a security awareness program (Required 7 Years)
SOC-2 audit experience from a major professional services firm highly desire (Required 7 Years)
At least one industry certification (e.g. CISA, CISM, CRISC, CISSP, ISAAP) highly desired (Highly desired 7 Years)
Ability to maintain security documentation and manuals (Required 7 Years)
Demonstrated competency in accurately identifying the scope of work and preparing thorough accurate and detailed schedule estimates (Required 7 Years)
Exceptional verbal and written communications skills with an ability to express complex technical concepts in business terms (Required 7 Years)
Solid teamwork and interpersonal skills (Required 7 Years)
Strong analytical problem-solving and conceptual skills (Required 7 Years)
BS/BA in MIS, Computer Science, or Security (Required)

Complete Description:

This position is housed under the Department of Health Care Finance (DHCF) in direct support of the DC Access System (DCAS).

The Department of Health Care Finance is looking for a candidate who must be customer service oriented, have strong team and interpersonal skills, and ability to multi-task when required. Excellent oral, written, and presentation skills are a mandatory requirement.

The Security Analyst Compliance will be responsible for monitoring, managing and closing existing compliance issues while also ensuring that internal systems are compliant with security standards. In carrying out these functions, the responsibilities include the identification, evaluation and interpretation of regulatory, statutory and member security requirements, control deficiencies and information security risks.

Core Duties:
-Perform security assessments and review system security documentation based on FISMA and FedRAMP requirements
-Develop, review, and update Certification and Accreditation (C&A) packages and Authority to Connect (ATC) documentation for systems hosted and owned by D.C. and Cloud environments
-Maintain and manage the required systems security documentation on the Share-point Site:
-System Security Plans (SSP)
-Risk Assessments (RA)
-Contingency Plans (CP) and testing
-Federal Information Processing Standard Publication 199 (FIPS 199) Security Categorization
-Privacy Impact Assessments (PIA)
-Security Control Assessments (SCA) Certification
-Annual and quarterly security documentation review and testing
-ATO / ATC certifications and re-certifications
-Security Self Assessments (SSA)
-Memoranda of Understanding (MOU)
-Interconnection Security Agreement(s) (ISA)
-Develop and update the IRS Safeguard Security Report (SSR)
-Develop and update the IRS Corrective Action Plans (CAPS)
-Develop and update the IRS Inspection Plan and Inspection Reports
-Coordinate with departmental agency staff as necessary to provide guidance on the process of conducting risk analysis and computer security reviews, security assessments, the preparation of Disaster Recovery Plans, security plans, and the processes involved in the D.C. required activities for the Certification and Accreditation of Major Information and General Support Systems (MIS/GSS)
-Develop IT security Policies
-Develop IT security Procedures
-Manage the Computer Security Awareness Training and Role-Based Training projects
-Develop, review, update and publish Rules of Behavior
-Develop and implement information sharing regarding cyber security best practices and common vulnerabilities
-Administer and manage the site and content blocking, event monitoring, network intrusion detection systems
-Conduct, as needed, vulnerability assessment, and security risk analysis
-Support process, technical and R&D activities
-Conduct research of new technologies, systems and processes to make recommendations on the enhancement of the security posture
-Perform research and preliminary proof-of-concept testing of security tools
-Prepare and submit SAR responses
-Manage day-to-day security operations, including assisting on investigative matters related to information security as requested
-Conduct Plan of Action and Milestones (PO&AM) reviews, oversight and reporting as well as Privacy Impact Assessments
-Coordinate data collection, analysis and reporting for IT security data calls, Freedom of Information Act (FOIA) -Requests, Incident reports
-Excellent attention to detail
-Excellent oral and written communication skills
-Ability to work in a fast-paced, dynamic environment
-Ability to interface with all levels of management
-Ability to perform complex tasks with minimal supervision and guidance
-Excellent time management, scheduling, and organizational skills
-Ability to work well independently or in a team setting


  1. Formulates and defines systems scope and objectives based on both user needs and a thorough understanding of business systems and industry requirements.
  2. Devises or modifies procedures to solve complex problems considering computer equipment capacity and limitations, operation time, and form of desired results. Includes analysis of business and user needs, documentation of requirements, and translation into proper system requirements specifications.
  3. Provides consultation on complex projects and is considered to be the top level contributor/specialist of most phases of systems analysis, while considering the business implications of the application of technology to the current and future business environment.

Minimum Education/Certification Requirements:
Bachelor’s degree in Information Technology or related field or equivalent experience; or a current Project Management Professional (PMP) Certification

Background check is required, if selected for the position.
There are no reimbursable expenses allocated to this position.

This entry was posted in Closed Positions. Bookmark the permalink.