Information System Security Control Assessor Representative (SCAR)

About The Company

The Greentree Group is a professional services business comprised of talented analysts and problem-solvers who work with clients around the world on programs ranging from start-up business process consulting situations to planning the modernization of major information technology systems. Our people are key in developing and executing strategic and tactical plans and share in the challenges and rewards of working for a small company. Our team of experts can tackle the toughest problem and solve it right—the first time! What makes The Greentree Group successful is our outstanding people who hold a spotless record of customer satisfaction. We’re focused on doing business better—to better our client’s business!

About The Opportunity

The Greentree Group employees are truly valued and treated with respect. We need a talented individual to fill a potential role as a Security Controls Assessor Representative (SCAR) in support of a federal client in the Colorado Springs, CO area. The successful candidate will be responsible for several activities, including, but not limited to:

• Serving as an independent assessor to evaluate the effectiveness of security controls in accordance with NIST SP 800-52A Rev. 5 and DoD RMF standards
• Developing Security Assessment Packages (SAPs) and validating assessment results against the SAP
• Reviewing security assessment packages, documenting findings, capturing system risks, and developing risk acceptance or mitigation plans
• Supporting government stakeholders in planning, organizing, prioritizing, and developing schedules to deliver program objectives on schedule and within budget while adhering to DoD regulations
• Developing and reporting relevant metrics and information on information assurance, compliancy, security control statuses of networks and systems
• Defining rules of engagement for penetration testing and vulnerability scanning
• Supporting continuous monitoring and continuous monitoring
  
  

Minimum Qualifications

• Bachelor’s degree in a related field (or 10 years’ experience).
• In-depth familiarity with NIST SP 800-53 controls DoDI 8510.01 (Risk Management Framework for Air Force Information Technology), AFI 17-101(Risk Management Framework for Air Force Information Technology), and Security Technical Implementation Guides (STIGS)
• Experience in applying information system security concepts and methods across multiple IT disciplines
• Experience with Air Force systems
• Working knowledgeable with Enterprise Mission Assurance Support Service (eMASS) and associated artifacts and Plan of Actions & Milestone (POA&M) requirements
• Ability to maintain independence from system owners and implementers to provide objective assessments and recommendations Active DoD 8140 IAM Level III certification (CISM, CISSO, FITSP-M, GCIA, GCSA, GCIH, GSLC, GICSP, CISSP-ISSMP, or CISSP)
• Strong customer service, interpersonal, and communication skills (written and verbal)
• Good organizational, time management, analytical, and problem-solving skills
• Candidates must be U.S. Citizens and have the ability to obtain a secret clearance investigation in a timely manner
  
  

Desired Qualifications

• National Institute of Standards and Technology (NIST) Cloud Computing Definitions and Standards (NIST Special Publication 800-145 and 800-144)
• Familiarity with broader DoD environments
• CNSSI No. 4016 RMF Certified Risk Analyst Course
• Experience with vulnerability tools like Nessus, XACTS, or SPLUNK