Security Control Assessor

This is a Remote, Work-From-Home Position

Full Job Description

The Security Control Assessor (SCA) will be part of a team responsible for providing independent assessments of security control compliance applied to the client’s hosted as well as cloud hosted IT applications and infrastructure. This role supports the documentation, validation, assessment, and authorization processes necessary to comply with federal cybersecurity requirements. The Assessor will research and prepare for the Risk Management Framework (RMF) assessment and authorization process, manage the day-to-day responsibilities of gathering evidence, scheduling resources, coordinating with business owners and external assessors, and track and report organizational readiness, POA&M, and assessment information using enterprise tools when possible. The position supports cybersecurity risk management with the Information Security Assessment team. As a contributor of the team, the Information Security Assessment team will be responsible for on-going risk identification and assessment, advice, and training, testing and assessment and oversight and stakeholder reporting.

Responsibilities

The candidate can expect to:

• Collaborate with System Owners to evaluate the client’s information security program against the NIST Cybersecurity Framework and other commonly implemented cybersecurity, privacy, and data protection frameworks and regulatory requirements.
• Assist with the development and periodic review of Security Assessment Plans to ensure the client is familiar with the assessment scope, testing methods/expectations, and the personnel/roles involved with the assessing the client’s security risk.
• Support the Assessment Team with creating pre-assessment documentation a such as assessment workbooks, interview scripts, and artifact request list. 
• Document compliance by linking artifacts and uploading reports in the designated artifact repository, such as assessment plans, interview scripts, audit findings, risk reports.
• Assess risks and develop Plans of Action and Milestones (POA&Ms) that can used to provide continuous reporting and support informed, risk-based decision making.
• Be responsible for tracking requirements for assigned systems and validate that tasks are on schedule and ensure the delivery of quality documentation.
• Function as technical SME for assessment status reporting. 
• This role with report directly to the Oversight and Compliance Team Lead.
• Other duties as assigned.

Qualifications

The successful candidate will possess strong analytical skills and attention to detail. Additionally, the ideal candidate will possess:

• 3 - 5 years of security/IT Governance, Risk, and Compliance or equivalent experience
• Hands-on experience with auditing NIST 800-53 security controls in an assessment and authorization program
• BA or BS in a technical field or equivalent experience
• Ability to obtain and maintain a Public Trust security clearance
• Ability to accomplish outcomes effectively, with minimal supervision, and a high degree of accountability and urgency to move assessments forward. 
• Analytical and problem-solving skills with the drive to learn and expand skills with Information Security auditing
• Superior attention to detail and conscientious of the quality of work product
• Understanding and audit experience of cloud technologies such as AWS, Microsoft Azure, and Google Cloud Platform a bonus
• Ability to thrive in a dynamic, fast-paced environment, and effectively manage multiple tasks simultaneously ensuring scheduled goals are met
• Must be able to work independently and as part of a team, share workloads, and deal with sudden shifts in project priorities
• Strong interpersonal and communication skills to develop and maintain relationships with clients and colleagues
• Proficient in Microsoft Excel, Word, PowerPoint, and Visio
• Passion for security, technology, and risk assessment
• Ability to present ideas and solutions in business and user-friendly languages

Clearance Required: Ability to obtain a Public Trust minimum, higher is a bonus.

Industry certifications: Not required but a bonus. Examples are such as CISSP, CISA, CISM, ITIL, CRISC, SANS GIAC, Security , etc.

We are an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.