Manager’s Internal Control Program (MICP) Analyst
*** United States citizenship required per government contract. (dual citizenship is not permitted). A completed United States DOD clearance investigation and current, active eligibility is required to perform on this contract, and therefore is required to be considered for a position.***
Location: Washington Navy Yard
Period of Performance: ASAP – 2022 (multi-year contract with options)
Main Sail has an immediate opening for a well-qualified MICP Analyst to support a large Navy Business System. The MICP Analyst assists the Government MICP lead to develop test cases for determining if general controls are in-place and functioning as intended. They will also, assist the Lead in documenting a test schedule, documenting vulnerabilities in a Plan of Action and Milestones (POA&M) and performing qualitative risk analysis of vulnerabilities noted during testing. They will assist the program office in refining the internal documentation that is used to govern and run the MICP effort.
- Perform duties related to the day-to-day operations of a MICP:
- Examine and review available documents to understand the control process, achieve clarification, or obtain evidence.
- Interview or hold discussions with individuals or groups of individuals from the Process Owner to achieve clarification, or obtain additional evidence.
- Assess and evaluate that the controls are functioning effectively, according to applicable guidance. (NIST, FISCAM, RMF, etc.)
- Report assessment outcome, any subsequent interviews, and all reports collected on the applicable Audit Assessment Form
- Provide Process Owner feedback of the assessment results.
- Applied FISCAM, RMF, OMB Cir. A-123, FIMFIA, as well as other cybersecurity and audit related criteria.
- Evaluate /audit internal controls at the Test of Design (TOD) and Test of Effectiveness (TOE) levels to ensure that they are operating as designed.
- Assist in the MICP planning and execution to sustain FISCAM control Compliance over time.
- Minimum 5 years' experience performing MICP
- Degree in Cyber Security, Audit, Accounting, or IT related field required
- Security+ Certification required
- Familiarity with NIST Special Publications or applicable guidelines.
- Will have developed an understanding of correctly functioning general and BPAC controls.
- Must be capable of performing effectively individually and as part of a team.
- Must be capable of communicating effectively in writing as well as verbally.
- Must be capable of contributing to the modification of the MICP as the systems and environments adjust to meet the needs of the Navy and its users.
- Must be able perform duties on-site, at the Washington Navy Yard.
- Must have knowledge of information systems to include networks, platforms and applications.
- Should have knowledge and experience gained from working in a SAP based application environment.
- Should have knowledge of systems operations within a virtual or cloud environment
- The ideal candidate will have knowledge of SharePoint administration, workflow development and use.