Security Risk and Compliance Specialist - Government Services

Cyber Security Reston, Virginia


Description

PRIMARY RESPONSIBILITY: Acts as an advocate in development of the overall information security program. Assists in development and execution of information security, compliance, and risk best practices through audits, assessments, and policy-making.

  • KNOWLEDGE/SKILLS/ABILITY: Strong written and verbal communication skills. Able to communicate with all levels of the organization. Aptitude to develop and maintain internal and external business relationships and to leverage those relationships in pursuit of goals and responsibilities. Strong analytical skills to analyze and evaluate technical information. Moderate knowledge of application and system vulnerabilities and exposures. Knowledge of basic system, network, and operating system hardening techniques. Strong knowledge of Information Assurance (IA) principles and tenets (confidentiality, integrity, and availability). Moderate knowledge of network architecture concepts including topology, protocols, and components. Knowledge of network communication protocols and directory services. Knowledge of network security architecture and associated risks. Knowledge of system administration concepts for Unix/Linux and/or Windows operating systems. Knowledge of security policies, controls, and programs, including NIST 800-53, NIST 800-171, and FedRAMP. Ability to work independently on tasks and take ownership of projects. May receive detailed instructions on assignments but is comfortable with independent decision making.
  • JOB COMPLEXITY: Collaborates across the organization to execute and mature the Risk Assessment process, including following established procedures for processes, methodologies, and reports. Participates in cross-functional workgroups and planning meetings to promote ideal solutions that meet the objectives of both the business and the IT Risk, Compliance, and Information Security team. Where ideal solutions cannot be found, escalates control failures and enterprise level risks to management.
  • Risk: Conducts IT Risk and Information Security due diligence activities relative to vendors and third parties. Conducts risk assessments and documents findings where the deviation from an information security or IT Risk policy or standard is desired. Communicates the value of Compliance, IT Risk, and Information Security within the team.
  • Compliance: Assists in annual assessments and audits to gain the Authority to Operate (ATO) and industry specific reports, including FedRAMP Moderate, Impact Level 4, FISMA Moderate, FISMA High, and SOC2. Ability to document findings where deviations exist through internal or external testing. Executes internal control testing according to documented processes. Promotes sharing of expertise through consulting, presentation, and documentation. Executes cross-functionally to ensure a holistic approach to security and compliance across the organization. Executes established compliance processes with IT and Information Security policies, standards, guidelines and relevant legal and regulatory requirements. Assists in updating internal control matrices where necessary to support annual changing environments. Supports business partners where necessary in dealing with current and prospective clients. Assists teammates in coordinating between internal control owners and external auditors, including kickoff meetings, interview requests, closing meetings, and evidence gathering. Assists in internal customer audits which include scheduling, presentation of the Rackspace compliance portfolio, and overseeing the successful visit in conjunction with Account Managers. Continuously validates the organization against additional mandates, as developed, to ensure full compliance. Helps to create risk remediation plans with business owners and follows through in the implementation of changes.
  • SUPERVISION: Operates under moderate supervision for new tasks but is able to work independently on routine tasks.
  • EXPERIENCE/EDUCATION: High school diploma or equivalent required. Bachelor's degree in Computer Science/Computer Studies/Information Technology/Information Security or a related field is preferred. Experience may substitute for degree at 1 year experience for 1 year of education. Minimum of 4 years of practical information security experience in developing and maintaining secure architectures for large enterprises is preferred, including 1-2 years in a Rackspace-type environment. CISA, Security+, Project+, and CISSP Professional certifications preferred.
  • Risk: CRISC
  • PHYSICAL DEMANDS: General office environment. May require long periods sitting and viewing a computer monitor. Moderate levels of stress may occur at times. Some lifting up to 20 pounds.
  • PERSON SPECIFICATION: Must be able to pass a Public Trust background check at hire. Must be a U.S. Citizen. May require further DOD security clearance.

About Rackspace
We accelerate the value of the cloud during every phase of digital transformation. By managing apps, data, security and multiple clouds, we are the best choice to help customers get to the cloud, innovate with new technologies and maximize their IT investments. We have been honored by Fortune, Forbes, Glassdoor and others as one of the best places to work. Join us on our mission to build the world’s best technology services company.

More on Rackspace
Rackers aren’t all alike. We look different. We think uniquely. We are from many places and our beliefs & backgrounds vary. But, being a Racker — a valued member of a winning team on an inspiring mission – is what connects us all. Rackers are encouraged to bring their whole self to work every day, as we know that unique perspectives fuel innovation and enable us to best serve our customers & communities around the globe. We welcome you to apply today and want you to know that we are committed to offering equal employment opportunity without regard to age, color, disability, gender, gender reassignment or identity or expression, genetic information, marital or civil partner status, pregnancy or maternity status, military or veteran status, nationality, ethnic or national origin, race, religion or belief, sexual orientation, or any legally protected characteristic. If you have a disability or special need that requires accommodation, please let us know.