|
Job Type: Regular
Overview The Information Assurance Systems Analyst provides technical execution of information assurance functions to include operational monitoring, incident response, applying established procedures within a defined scope to governance, compliance, cybersecurity and risk management to protect information assets, and to facilitate compliance with federal, state and local cybersecurity requirements (e.g., NIST 800-171, CMMC - Cybersecurity Maturity Model Certification). This position analyzes sensitive data, identifies vulnerabilities, and collaborates with various teams to implement and maintain information security measures as a member of the Information Security Team. Analyze and maintain System Security Plans (SSPs) with supporting documentation aligned with NIST 800-171 and CMMC practices; assist with regular information security control assessments, perform gap analyses, and update Plans of Action and Milestones (POA&Ms); coordinate security authorization and compliance activities across IT systems and applications. This position reports directly to the Manager, IS Information Assurance. Additional duties outlined below:
Perform ongoing information security technical reviews of applications, infrastructure, and business processes to verify compliance and identify improvements; recommend remediation actions, track remediation efforts, and collaborate closely with IT, DevOps, and business teams; execute comprehensive cybersecurity audits to ensure compliance with CMMC, DFARS 7012, NIST 800-171, and other relevant regulations; analyze and assess various data types, including Controlled Unclassified Information (CUI), Controlled Technical Information (CTI), Federal Contract Information (FCI), International Traffic in Arms Regulations (ITAR), and Export Administration Regulation (EAR99); collaborate with system and network administrators to implement audit features that are configured and enabled correctly. Perform third-party/vendor information security reviews as part of the procurement and onboarding process; review supplier security documentation and manage risks associated with external data sharing and service providers. Participate in incident response activities, including documentation, coordination, and lessons learned reviews; help improve incident detection, containment, and prevention through policy, training, and technical improvements.
Utilize GRC (Governance, Risk, and Compliance) tools to document and track risk assessments, policy compliance, and mitigation efforts; identify and evaluate risks to information assets; assist in the development of risk treatment and remediation plans; review and analyze policy exceptions to assess impact and risk, track approvals, and monitor mitigation within target remediation timeline.
Qualifications Required:
Minimum 5 years of experience with a BS/BA degree in an IT information security or compliance role in a corporate or government contractor setting. (Minimum 9 years' experience without a BA/BS degree.) Strong understanding of NIST SP 800-171, CMMC Level 2, and basic DFARS cybersecurity clauses. Knowledge of multiple federal government network security processes and procedures Technical background with understanding or hands-on experience in Information Technology environments and web technologies. Excellent oral and written communications skills required for correspondence, reports, briefings, and procedures. U.S. Citizenship (required for defense contractor compliance). Must have the ability to obtain and maintain a security clearance. Cybersecurity Risk Management or Information Assurance related certifications. Excellent written and verbal communication skills.
Preferred:
Professional certifications such as Security+, CISSP, CISA, or CRISC. Familiarity with audit processes, internal controls, and security risk assessments. Knowledge of Microsoft office applications Working knowledge of Confluence and Jira for task management
Education With a BS/BA degree, at least 5 years' experience in cybersecurity required. Without a BS/BA degree, at least 9 years' experience in cybersecurity security required. High School Diploma required. Experience
Minimum 5 years of experience with a BS/BA degree in an IT information security or compliance role in a corporate or government contractor setting. (Minimum 9 years' experience without a BA/BS degree.) High school diploma or GED is required. BS/BA degree is preferred.
Security Clearance Must meet eligibility requirements for access to U.S.government classified information. Location Santa Monica, CA, Washington D.C., or Pittsburgh, PA. This position is mainly onsite at a RAND U.S. location. Positions Open One Salary Range: $102,800 - $156,500 RAND considers a variety of factors when formulating an offer, including but not limited to, the specific role and associated responsibilities; a candidate's work experience, education/training, skills, expertise; and internal equity.The salary range includes base pay plus RAND's sabbatic pay (which provides additional compensation above base pay when vacation is taken). In addition, RAND provides strong benefits including health insurance coverage, life and disability insurance, savings plan, paid time-off and more. Equal Opportunity Employer
|
RAND Corporation
$102,800 - $156,500
Feb 25, 2026