Senior Security Compliance Audit Analyst- Health IT

Northrop Grumman Technical Services sector is seeking a Security Policy/Compliance Analysts to join our team of qualified, diverse individuals. These positions will be located in Woodlawn, MD.

Put your years of experience as a Security Policy/Compliance Analyst into a future of excellence by joining a Northrop Grumman team delivering cutting edge technology solutions to our clients. The qualified applicant will become part of Northrop Grumman's Health Solutions Management division which focuses on healthcare IT solutions for our Federal, State, and local government clients.

Security Policy/Compliance Analyst will develop and implement Security Policy and/or validate Security Compliance against policies to help improve the client's ability to reduce the impact of security threats. The Security Policy/Compliance Analyst may assist in prioritizing, defining strategy and managing identified security Plans of Action and mitigation (POAMs). May analyze and prioritize the outcomes to develop mitigation strategies utilizing current security platforms or recommendations for new security architectures. The Information Systems Security Policy/Compliance Analyst keeps current on advances in the field of Federal IT, and provides analytical guidance to the project team. The Information Systems Security Policy/Compliance Analyst may act as a customer contact for technology, lead technical review sessions with customer.

Responsibilities for this position include:

  • Perform as a Security Policy/Compliance analyst
  • Work onsite with the customer's technical teams and leadership to build relationships and find ways to leverage and maximize technical investment recommendations
  • Assist with RFP technical proposal responses, as needed
  • Assist Cloud Architects in establishing a strategy and approach to transform customer infrastructure and development environment to a Cloud based solution
  • Developing Security Policies and/or ensuring Security Compliance for Cloud implementations
  • Drive security requirements for the customer, integrating multiple capabilities and scenarios supporting the cloud implementations
  • Provide Security Policy and/or Security Compliance expertise to managers and technical staff, and the customer
  • Function as a Security Policy and/or Security Compliance expert on project assignments, and must possess the ability to apply a comprehensive knowledge across key tasks and high impact assignments.
  • Plan and lead Security Policy and/or Security Compliance assignments, with the potential to supervise others in doing so.
  • Demonstrates strong oral and written communication skills, with the ability to communicate technical topics to management and non-technical audiences, as well as interface with the senior customers on a daily basis
  • Ensure HIPAA violations do not occur within the program by taking a proactive role in the constant vigilance and rigor to emphasize HIPAA compliance throughout all levels of the program (systems, personnel, and data). To be fully aware of all PHI/PII within their respective program and how it is protected.

Basic Qualifications:

Minimum knowledge, skills, abilities needed.

  • Bachelor's degree in Business, Computer Science, Information Technology, Information Systems, Systems Engineering, or related disciplines and 9 years of experience; Master's degree in Business, Information Technology, Information Systems or related disciplines and 7 years' experience; or 13 years of experience will satisfy the education and experience requirement.
  • 5 years of experience working as a Security Policy or Security Compliance as a Cyber Security, IT Security, or Information Assurance analyst
  • 3 years of experience with developing security policies, processes, and procedures in the federal government
  • 3 years of experience with assessing new security laws, policies, or standards to determine program-level impact
  • 3 years of experience with the NIST Risk Management Framework and SP 800 issuances, continuous monitoring, and information system security policies, standards, and procedures
  • Must have a solid understanding of cloud deployment, security policy requirements and assessments, and service models as defined by the National Institute of Standards and Technology (NIST).
  • Ability to perform an IT audit and develop a comprehensive risk assessment process; on multiple CSPs and services offerings such as Microsoft Office 365 and SharePoint.
  • Ability to obtain a position of public trust.
  • Must be US Citizen or US Permanent Resident

Preferred Qualifications:

Candidates with these skills will be given preferential consideration.

  • Security Certification or other Professional security or auditing certifications a plus: CISSP, CISA, GIAC, SSCP, CIPP, CIA, CSCS
  • Technical awareness of FedRAMP, FISMA, NIST, RMF and Federal Government Certification and Accreditation (C&A) process
  • Experience with responding to external audits and developing remediation plans

Northrop Grumman is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO/AA and Pay Transparency statement, please visit U.S. Citizenship is required for most positions.

Meet Some of Northrop Grumman's Employees

Jacqueline T.

Electrical Engineer

Jacqueline operates on power electronics for Northrop Grumman’s space application projects. She meets with engineering groups, chats with customers, and works on circuit analysis.

Jonathan M.

Electronics Engineer

Jonathan works with avionics industry subject matter experts to come up with new feature developments before implementing those ideas in the Northrop Grumman laboratory.

Back to top