External Compliance Analyst
- Security Assessments: at least 2 years
- FISMA: at least 2 years
- 800-53: at least 2 years
- Develop and document the agency's acquisition and supply chain security policies.
- Develop and update the State Data Flow Diagram for each State Transfer Component to be assessed. With the consolidation of individual State agencies' data centers into a single State data center, the data flow diagram needs to reflect the separation of each State agency's assets/infrastructure from other entities.
- Assist DCA staff in the full array of activities associated with State, local, and tribal entities from inception to closure.
- Enter and update Point of Contact (POC) information for each State entity in the Compliance Oversight Application (COA).
- Schedule each State entity's compliance review in COA and send an Outlook meeting invite to the necessary stakeholders.
- Prepare official engagement correspondence that announces and explains the triennial security assessment process to the State agency Authorizing Official and other identified State agency staff who may be new to the process.
- Provide technical support for both Client internal and State agency stakeholders participating in security assessments.
- Provide contractor for travel to each State entity and conduct the onsite security assessments. This includes participating in the security discussion surrounding hardware and software that involves Client data and providing Subject Matter Expert (SME) input.
- Conduct security risk assessments for the selected State, local, or tribal entities, promoting efficient and effective risk analysis demonstrated by recommended risk management practices.
- Review and evaluate State agency-submitted assessment documents and supporting artifacts.
- Assess the degree of risk to Client related to electronic information transmitted to partner agencies, and how that data is stored, viewed, accessed, monitored, and destroyed.
- Provide guidance and consultative services that support Client's governance of data exchange processes and procedures.
- Provide expertise in the area of record-keeping, auditing, and monitoring applications and systems that receive, process, and store Client-provided information through our electronic data exchange programs.
- Monitor required actions to closure by states and locals to address review findings.
- Track the findings of state agencies based on weaknesses identified during assessments.
- Follow-up with state agencies to track the status of open Plan of Action & Milestones (POAMs).
- Evaluate and archive state agency evidence and artifact documents.
- Monitor POAMs to closure.
- Prepare Compliance Review Closeout Reports, create scanned digital copies of all review-related correspondence, upload such correspondence to appropriate repositories, and send hard copies to state agencies via US Government Client or UPS.
- Send soft copies of review-related correspondence to appropriate state agency stakeholders.
- Assemble the digital file for triennial security reviews and archive documents in the appropriate repository.