About the job
Overview
Work for a first-class institution that is innovative, multi-dimensional, and dynamic by joining AIR as a Senior Information Security Analyst.
We hire talented and forward-thinking professionals to build our cross-functional teams and support our clients in solving complex problems. Our people—problem-solvers, changemakers, and creative thinkers—are experts in their craft who rise to meet today’s challenges.
The Senior Information Security Analyst will play an integral role in delivering on some of the most meaningful projects in communities across the United States and the world. You’ll collaborate with our teams of motivated and passionate visionaries, where your input will be valued and your contributions vital to our success.
AIR’s Information Security Office is seeking a motivated Senior Information Security Analyst to join the Information Security team. In this role, you will be part of the security team responsible for coordinating, planning, and organizing information security activities throughout the institution. We are seeking a security professional with practical experience in all phases of security assessment and authorization, particularly in federal agency work. You will perform internal audits of a full range of information security controls and help AIR maintain compliance with both internal and external security requirements. You will lead continuous monitoring compliance and third-party risk management activities to maintain an effective security posture, safeguard AIR’s information technology assets, and ensure alignment with relevant compliance frameworks. If you are excited to be part of a winning team and want to roll up your sleeves and work on leading-edge information security work, this role is for you. This position reports to the Head of Information Security.
Periodic travel will be required to attend in-person events and meetings, attend industry conferences, meet with clients, and visit AIR offices, etc. based on business needs.
We value the experiences of every member of our institution, from entry level to executive. As part of our collaborative, learning-oriented team, you’ll be encouraged to grow in your career, develop additional skills, and progress professionally.
Candidates hired for the position may work remotely within the United States (U.S.) or from one of our U.S. office locations. This does not include U.S. territories.
About AIR
Established in 1946, with headquarters in Arlington, Virginia, AIR is a nonpartisan, not-for-profit institution that conducts behavioral and social science research and delivers technical assistance to solve some of the most urgent challenges in the U.S. and around the world. We advance evidence in the areas of education, health, the workforce, human services, and international development to create a better, more equitable world.
AIR’s commitment to diversity goes beyond legal compliance to its full integration in our strategy, operations, and work environment. At AIR, we define diversity broadly, considering everyone’s unique life and community experiences. We believe that embracing diverse perspectives, abilities/disabilities, racial/ethnic and cultural backgrounds, styles, ages, genders, gender identities and expressions, education backgrounds, and life stories drives innovation and employee engagement. Learn more about AIR’s Diversity, Equity, and Inclusion Strategy and hear from our staff by clicking here.
Responsibilities
The responsibilities for the position include:
Essential job functions include but are not limited to:
- Execute internal controls assessments for AIR web applications, secure data enclaves, general support systems, and other key systems to support internal and external client security requirements.
- Perform continuous monitoring activities to ensure compliance with internal and external requirements.
- Assist with the development and maintenance of security authorization package deliverables that include the system security plan, risk assessment, contingency plan, configuration management, system design, and privacy impact threshold/assessment documents.
- Perform and support third-party risk assessments and risk monitoring activities, including vetting new software and artificial intelligence (AI) use cases.
- Oversee the remediation of findings utilizing standard Plan of Action and Milestones (POA&M) processes resulting from both internal and external security controls assessment, vulnerability assessments, and penetration testing.
- Support annual contingency plan and incident response testing for AIR’s federal agency work.
- Analyze and respond to vulnerability and application assessment reports.
- Duties, responsibilities, and activities may change, or new ones may be assigned at any time based on business needs.
Qualifications
Education, Knowledge, and Experience:
- Bachelor’s degree with a minimum of 9 years of relevant experience in information security.
- The qualified candidate must be a Certified Information Systems Auditor (CISA) or have at least 5 years of equivalent system auditing experience.
- At least 2 years of experience with assessing cloud environments (Azure, AWS, Google).
- At least 5 years of relevant experience with NIST Special Publications 800-53 and 800-171.
- The candidate should be able to obtain a Level 6C Security clearance (Public Trust Position).
- Proven expertise in security best practices and hands-on experience in implementing IT security systems, processes, and procedures.
- Extensive knowledge of native cloud security and compliance capabilities and frameworks.
- Proven knowledge of emerging technology trends, including AI governance and risk management.
Skills
- Demonstrated ability to communicate effectively with both technical and non-technical internal clients, understanding their needs and requirements.
- Strong communication skills to seamlessly collaborate with technical teams, security/risk stakeholders, and individuals at all levels and from diverse backgrounds in a virtual work environment.
- Exhibited ability to work well independently, and collaboratively as needed, while prioritizing multiple objectives and projects to consistently meet established timelines.
- Demonstrated analytical, critical thinking, and problem-solving skills with meticulous attention to detail.
- Ability to read, analyze and leverage security logs and other diagnostic evidence related to quality control.
- Proficient in utilizing standard Microsoft 365 tools, including OneDrive, SharePoint, Excel, Word, and Adobe Acrobat Pro.