Overview
Work for a first-class institution that is innovative, multi-dimensional, and dynamic by joining AIR as a Senior Information Security Analyst.
We hire talented and forward-thinking professionals to build our cross-functional teams and support our clients in solving complex problems. Our people—problem-solvers, changemakers, and creative thinkers—are experts in their craft who rise to meet today’s challenges.
The Senior Information Security Analyst will play an integral role in delivering on some of the most meaningful projects in communities across the United States and the world. You’ll collaborate with our teams of motivated and passionate visionaries, where your input will be valued and your contributions vital to our success.
AIR’s Information Security Office is seeking a motivated Senior Information Security Analyst to join the Information Security team. In this role, you will be part of the security team responsible for coordinating, planning, and organizing information security activities throughout the institution. We are seeking a security professional with practical experience in all phases of security assessment and authorization, particularly in federal agency work. You will perform internal audits of a full range of information security controls and help AIR maintain compliance with both internal and external security requirements. You will lead continuous monitoring compliance and third-party risk management activities to maintain an effective security posture, safeguard AIR’s information technology assets, and ensure alignment with relevant compliance frameworks. If you are excited to be part of a winning team and want to roll up your sleeves and work on leading-edge information security work, this role is for you. This position reports to the Head of Information Security.
Periodic travel will be required, based on business needs, to attend in-person events and meetings, attend industry conferences, meet with clients, visit AIR offices, etc.
We value the experiences of every member of our institution, from entry level to executive. As part of our collaborative, learning-oriented team, you’ll be encouraged to grow in your career, develop additional skills, and progress professionally.
Candidates hired for the position may work remotely within the United States (U.S.) or from one of our U.S. office locations. This does not include U.S. territories.
About AIR:
Established in 1946, with headquarters in Arlington, Virginia, AIR is a nonpartisan, not-for-profit institution that conducts behavioral and social science research and delivers technical assistance to solve some of the most urgent challenges in the U.S. and around the world. We advance evidence in the areas of education, health, the workforce, human services, and international development to create a better, more equitable world.
AIR’s commitment to diversity goes beyond legal compliance to its full integration in our strategy, operations, and work environment. At AIR, we define diversity broadly, considering everyone’s unique life and community experiences. We believe that embracing diverse perspectives, abilities/disabilities, racial/ethnic and cultural backgrounds, styles, ages, genders, gender identities and expressions, education backgrounds, and life stories drives innovation and employee engagement.
Responsibilities
The responsibilities for the position include:
Essential job functions include but are not limited to:
- Execute internal controls assessments for AIR web applications, secure data enclaves, general support systems, and other key systems to support internal and external client security requirements.
- Perform continuous monitoring activities to ensure compliance with internal and external requirements.
- Assist with the development and maintenance of security authorization package deliverables that include the system security plan, risk assessment, contingency plan, configuration management, system design, and privacy impact threshold/assessment documents.
- Perform and support third-party risk assessments and risk monitoring activities, including vetting new software and artificial intelligence (AI) use cases.
- Oversee the remediation of findings utilizing standard Plan of Action and Milestones (POA&M) processes resulting from both internal and external security controls assessment, vulnerability assessments, and penetration testing.
- Support annual contingency plan and incident response testing for AIR’s federal agency work.
- Analyze and respond to vulnerability and application assessment reports.
- Duties, responsibilities, and activities may change, or new ones may be assigned at any time based on business needs.
Qualifications
Education, Knowledge, and Experience:
- Bachelor’s degree with a minimum of 9 years of relevant experience in information security.
- The qualified candidate must be a Certified Information Systems Auditor (CISA) or have at least 5 years of equivalent system auditing experience.
- At least 2 years of experience with assessing cloud environments (Azure, AWS, Google).
- At least 5 years of relevant experience with NIST Special Publications 800-53 and 800-171.
- The candidate should be able to obtain a Level 6C Security clearance (Public Trust Position).
- Proven expertise in security best practices and hands-on experience in implementing IT security systems, processes, and procedures.
- Extensive knowledge of native cloud security and compliance capabilities and frameworks.
- Proven knowledge of emerging technology trends, including AI governance and risk management.
Skills:
- Demonstrated ability to communicate effectively with both technical and non-technical internal clients, understanding their needs and requirements.
- Strong communication skills to seamlessly collaborate with technical teams, security/risk stakeholders, and individuals at all levels and from diverse backgrounds in a virtual work environment.
- Exhibited ability to work well independently, and collaboratively as needed, while prioritizing multiple objectives and projects to consistently meet established timelines.
- Demonstrated analytical, critical thinking, and problem-solving skills with meticulous attention to detail.
- Ability to read, analyze and leverage security logs and other diagnostic evidence related to quality control.
- Proficient in utilizing standard Microsoft 365 tools, including OneDrive, SharePoint, Excel, Word, and Adobe Acrobat Pro.
Disclosures:
Applicants must be currently authorized to work in the U.S. on a full-time basis. Employment-based visa sponsorship (including H-1B sponsorship) is not available for this position. Depending on project work, qualified candidates may need to meet certain residency requirements.
All qualified applicants will receive consideration for employment without discrimination on the basis of age, race, color, religion, sex, gender, gender identity/expression, sexual orientation, national origin, protected veteran status, or disability.
AIR adheres to strict child safeguarding principles. All selected candidates will be expected to adhere to these standards and principles and will therefore undergo reference and background checks.
AIR’s Total Rewards Program is designed to reward our staff competitively and motivate them to achieve our critical mission. This position offers an anticipated annual salary of $141,000 to $146,000. Salary offers are made based on internal equity within the institution and external equity with competitive markets. Please note this is the annual salary range for candidates that are based in the United States.
AIR maintains a drug-free work environment.
Fraudulent Job Scams Warning & Disclaimer:
AIR is aware of individuals falsely presenting themselves as AIR representatives. Fraudulent job scams seek to extract sensitive information or money from victims. To protect yourself, please be aware that AIR recruitment will only email you from an “@air.org” domain. Please take extra caution while examining the email address; for example, jdoe@air.org is correct and jdoe@aircareers.org is not a legitimate AIR email address. If you are unsure of the legitimacy of a communication you have received, please reach out to recruitment@air.org.
If you see a job scam, or lose money to one, report it to the Federal Trade Commission (FTC) at ReportFraud.ftc.gov. You can also report it to your state attorney general. Find out more about how to avoid scams at ftc.gov/scams.