IMPAQ International, LLC

Returning Candidate?

Senior Information Assurance Specialist

Senior Information Assurance Specialist

Job Location 

More information about this job



IMPAQ International, LLC (IMPAQ), is a premier public policy research organization that helps governments, businesses, foundations, non-profits, policymakers, and universities to operationalize, evaluate, and enhance their programs and policies by offering strategic planning, research studies, technical assistance, operational support, process improvement, and stakeholder outreach. IMPAQ employs a large staff of world-class analysts, data scientists, economists, policy professionals, survey professionals, technical innovators, project management professionals, IT specialists, and subject matter experts in five offices across the U.S. IMPAQ’s experts combine innovative thinking and rigorous approaches to make a real world impact. IMPAQ has a diverse and collegial work environment and is an Equal Opportunity/Affirmative Action Employer (M/F/Disability/Veterans). 


The Senior Specialist, Information Assurance has the exciting opportunity of building a comprehensive security practice at IMPAQ International, which underpins a growth path culminating at the position of Information Security Officer (ISO).  Ideal candidates for the position will have deep systems and/or operations management background, 5+ years of experience in information security, and possess the ability to identify security risks for IMPAQ’s business environments, as well as compliance with HIPAA and FISMA security and privacy controls, and give direction for implementing mitigating controls and remediation. This includes coordinating and tracking security and auditing activities performed by IMPAQ’s managed security services partner (MSSP). 



The Senior Specialist, Information Assurance assists in establishing strategic direction for information security, privacy programs, and business continuity plans, and establishes and maintains project plans for executing the strategies which support these actions.  The position involves working with business teams to ensure information security initiatives are understood and implemented, and guidance and cross training are provided to other team members as needed. The position requires occasional off-hours work for assessment, auditing and maintenance.  


  • Lead IMPAQ’s information security and compliance program.
  • Lead IMPAQ’s vulnerability assessment and testing services, as well as identifying weaknesses and vulnerabilities within the system and overseeing mitigation activities.
  • Track organization’s POAMs and communicate with external clients as necessary.
  • Manage and maintain system authorization status or Authority to Operate (ATO)
  • Maintain and implement Change Management Plans, Incident Response Plans and System Security Plans (SSP) and subsequent procedures.
  • Provide expertise and assistance in the development of the security policies and procedures as well as assist in ensuring compliance with those policies and procedures.
  • Contribute to the development and maintenance of the enterprise-wide business continuity management program including: performing business impact analyses and risk assessments, executing table top exercises, development of tools and instructional guides (i.e., processes & procedures).
  • Engage in security awareness and training initiatives to educate workforce about policies, procedures, and information risks.
  • Perform project management fundamentals within the scope of information security duties, including development of detailed project plans, tracking project progress and maintaining comprehensive project documentation.
  • Maintain repository of language concerning IMPAQ security programs and controls used for proposal support.  Provide customized security language for proposals as needed.


Education and Experience:


  • Bachelor’s degree in business discipline, information systems or related information science, and/or equivalent experience.
  • Experience working with and managing auditing and vulnerability scanning solutions.
  • 5+ years’ experience with managing and implementing information security controls. 
  • 5 + years’ experience in evaluating and securing Microsoft server environments.
  • Demonstrate the ability to stay current on global threats and vulnerabilities. 
  • Strong writing skills, including the ability to effectively document processes and procedures as well as application and network environments.
  • Possess a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Business Continuity Planner (CBCP), or equivalent network security certification and agree to maintain the credential(s) as a condition of employment.
  • Intimate knowledge of NIST SP800-53 and/or HIPAA security frameworks (other comparable frameworks will be accepted).
  • Experience in Certification and Accreditation and/or IT security risk analysis, preferably in support of Authority to Operate (ATO) for federal systems.
  • Experience working in a team environment.
  • Advanced knowledge of project management concepts.
  • Must demonstrate time management skills and the ability to multi-task and work independently while under several competing deadlines and with constant interruption.
  • Must be able to obtain a public trust clearance.


Must provide a writing sample as part of the interview process.


Connect With Us!

Not ready to apply? Connect with us for general consideration.