
Security Compliance Analyst

WidePoint Corporation
Location: Columbus, OH, USA
Published: today
Compliance Management Systems / Technology
Full time
Security Compliance Analyst - WidePoint Integrated Solutions Corp. - Columbus, OH

WidePoint Corporation (WYY) is a leading provider of wireless mobility management and cybersecurity solutions. We offer secure, cloud-based, enterprise-wide information technology-based solutions that enable enterprises and government agencies to deploy fully compliant IT services in accordance with government-mandated regulations and advanced system requirements.

We are looking for a highly motivated Security Compliance Analyst in Columbus, OH who can operate in the fast-paced and demanding environment of a micro-cap publicly traded company.

Position Summary

The Security Compliance Analyst actively engages in WidePoint's compliance initiatives, focusing on FedRAMP, NIST, CMMC, SOC 2 Type II, and SOX. The Security Compliance Analyst supports the Governance, Risk, and Compliance (GRC) program, provides subject-matter expertise on FISMA compliance, and maintains compliance controls. In addition, the Security Compliance Analyst will lead the Continuous Monitoring (ConMon) program, manage internal and external audits, manage remediation, maintain authorization packages, and stay current with emerging technologies and information security trends. Effective communication with WidePoint leadership, clients, and vendors is essential for the successful execution of these responsibilities.

Essential Duties and Responsibilities

The essential functions include, but are not limited to, the following:
  • Supports WidePoint's Governance, Risk, and Compliance (GRC) program, ensuring alignment with organizational goals.
  • Provides subject-matter expertise on FISMA compliance to internal and external stakeholders.
  • Monitors and maintains compliance controls to ensure continuous adherence to regulatory requirements.
  • Regularly reports status and progress to WidePoint leadership and the client Information System Security Officer (ISSO).
  • Leads and manages efforts related to internal and external audits, ensuring all findings are addressed and remediated.
  • Maintains WidePoint's FedRAMP Authorization package and agency authorization packages, including the System Security Plan (SSP), Plan of Action & Milestones (POA&M), and other associated documentation.
  • Leads WidePoint's Continuous Monitoring (ConMon) program, interfacing with WidePoint clients, the Security Operations Center, and the FedRAMP PMO to ensure ongoing compliance.
  • Conducts research and analysis to keep current with Information Security, GRC knowledge, and emerging technologies, incorporating new insights into the compliance program.
  • Performs other related duties as assigned.
Minimum Qualifications (Knowledge, Skills, and Abilities)

The minimum qualifications include:
  • Bachelor's degree in Computer Science, Computer Engineering, or related field required or supporting industry certifications a plus.
  • One (1) to four (4) years of experience with leading FedRAMP Authorization or assessment activities.
  • Strong understanding of FISMA NIST 800-53 controls.
  • Comprehensive knowledge of FedRAMP and the Risk Management Framework (RMF) for both cloud and non-cloud environments.
  • Excellent interpersonal and communication skills, with the ability to work effectively as a team member and cross-functionally with internal and external stakeholders.
  • Proven ability to manage multiple priorities and workloads effectively, even when faced with conflicting demands.
  • Solution Engineering experience is an advantage.
  • Proficiency with security tools such as Nessus, Qualys, SonarQube, or similar programs.
  • Experience with AWS GovCloud and AWS Certification.
  • Familiarity with additional compliance frameworks and standards, including NIST 800-171, CMMC, DoD IL series, Section 508, ISO 27001, HIPAA, PCI DSS, HITRUST, and TISAX.
Physical Demands and Work Environment

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. Reasonable accommodations may be made to enable individuals with disabilities to perform the functions.
  • Prolonged periods sitting at a desk and working on a computer.
  • Must be able to lift up to twenty-five (25) pounds at times.
Note: This position description in no way states or implies that these are the only duties to be performed by the employee(s) incumbent in this position. Employees will be required to follow any other position-related instructions and to perform any other position-related duties requested by any person authorized to give instructions or assignments. All duties and responsibilities are essential functions and requirements and are subject to possible modification to reasonably accommodate individuals with disabilities. To perform this position successfully, the incumbents will possess the skills, aptitudes, and abilities to perform each duty proficiently. Some requirements may exclude individuals who pose a direct threat or significant risk to the health or safety of themselves or others. The requirements listed in this document are the minimum levels of knowledge, skills, or abilities. This document does not create an employment contract, implied or otherwise, other than an "at will" relationship.

The company is an Equal Opportunity Employer, drug free workplace, and complies with ADA regulations as applicable.