Security Control Assessor
1 month ago
Summary
Zermount Inc. is seeking a Security Control Assessor Team Lead who will play a vital role in leading multiple teams on large projects. The System Security Assessment Team Lead will oversee all aspects of the Assessment Team ensuring the performance of complex risk analyses, including risk assessments. The System Security Assessment Team Lead will determine information assurance based upon the analysis of technical, user, policy, regulatory, and resource implementations. They will also support customers at the highest levels in the analysis of the implementation of doctrine and policies.
Duties & Responsibilities
- Serve as the liaison to System Owners for completing all Security Authorization, Preliminary Risk Assessment, and ad hoc Risk Assessment efforts.
- Assess all applicable security controls defined in the mandated DHS Compliance tool and applicable to the systems under their purview.
- Assess the completeness and accuracy of system a FIPS-199, Privacy Threshold Analysis (PTS), E-Authorization, Contingency Plans (CPs), Contingency Plan Tests, Security Plans.
- Develop SA Package documentation to include Security Assessment Plans (SAP), Security Assessment Reports (SAR), ATO Letters, ATO Recommendation Memo, Risk Assessment Memos, Findings and recommended POA&M Matrices.
- Analyze evidence for ATO efforts and store results in the mandated DHS Compliance Tool and/or in a separate customer repository.
- Manage mini teams to ensure all SA Activities are completed.
- Ensure results are documented completely and accurately in the mandated DHS Compliance Tool at the operating system, application and database levels.
- Provide Recommendations for refining and/or improving existing RMF processes and procedures and support implementation of these changes.
- In view of the remote nature of the contract, an individual, and Team Weekly Status Report and Briefing are required deliverables for tasks assigned. Must have the ability to effectively develop weekly status reports, that are consistent, well structured, answer to all the assigned management templates guidelines, and are in alignment with the task area. At a minimum the weekly status report should reflect the following: Weekly work accomplished, 2 weeks of ongoing and planned tasks, Risks, and issues impacting tasks assigned
- The report format will be primarily MS PowerPoint and MS Project (or other MS tools as required by the management team).
- All Deliverables shall be at a level of accuracy that does not require "return for correction" for typographical and grammatical errors. (Repetitive requests for correction by the management or Government team may result in a determination of failing to meet the basic standards for professional writing, reporting, accuracy, quality, and completeness of the contractual requirements for deliverables.)
- Must have the ability to prepare to present, brief, and explain; all information captured in weekly status report to management and/or government client.
- Conduct SCA and provide quality assurance and SCA expertise to other team members.
Qualifications
- A minimum of ten (10) years of IT cybersecurity experience including direct support for the US Government and seven (7) years actin as an ISSO, assessor, or compliance analyst for enterprise IT systems, or a relevant Master's degree in IT, Computer Science, or Engineering and seven (7) years of IT cybersecurity experience including direct support for the US Government and five (5) years acting as an ISSO, assessor, or compliance analyst.
- Knowledge of NIST Guidelines and FISMA Cybersecurity compliance requirements.
- Experience and knowledge of Executive Orders (EO's), Office of Management and Budget (OMB) Memorandums, Federal, DoD and CISA Technical Reference Architectures, Maturity Models, NIST guidance, FISMA, Cloud, and Risk Management Framework (RMF). Knowledge of NIST Guidelines and FISMA Cybersecurity compliance requirements.
- Technical knowledge of complex enterprise IT systems
- Knowledge of and experience using relevant cybersecurity and analysis tools such as Archer, Tenable, Nessus Security Center, Splunk, etc.
- Experience communicating effectively, both oral and written, with technical, non-technical, and executive-level customers.
- Understanding of zero trust principles is beneficial but not required.
- Proficient in risk assessment methodologies and security architecture frameworks.
- Technical knowledge of complex enterprise IT systems.
- Experience with cloud-based environments and technologies is preferred.
- Knowledge of common cybersecurity threats, risks, and vulnerabilities and how to mitigate them.
- Excellent communication skills, with the ability to explain complex concepts in a clear, concise manner.
- Technical knowledge of IT systems and implementation of security controls.
- Strong problem-solving skills, proactive attitude towards identifying potential issues and implementing solutions.
- The ability to organize and motivate a project team.
- Must be able to conduct system analysis to detect issues with performance.
Education
Master's degree preferable but professional experience is Permitted:
- A relevant master's degree in IT, Computer Science, or Engineering and 7 years of IT cybersecurity experience including direct support for the US Government and 5 years acting as an ISSO, assessor, or compliance analyst for enterprise IT systems OR
- A minimum of 10 years of IT cybersecurity experience including direct support for the US Government and 7 years acting as an ISSO, assessor, or compliance analyst for enterprise IT systems.
Certifications and Training (Required)
At least one of the following security certifications:
· Certified Authorization Professional (CAP)
· Certified Information Systems Security Officer (CISSO)
· Certified Information Security Manager (CISM)
· Certified Information Systems Security Professional (CISSP)
Clearance Level
Minimum of active Secret Clearance.
Work Location
Remote
Hours of Operation
Business Hours: 9:00 am EST - 5:00 pm EST.
-
Jr Security control assessor
1 month ago
Arlington, Virginia, United States Motion Recruitment Full time· Must provide on-site support in Washington, DC, for four days a week. · Active Top-Secret clearance required. · This position requires a badge or clearance that involves extensive background, credit, and drug screening. · Over 3 years of experience in cybersecurity programs, including security testing and/or security control assessments. · Experience...
-
Arlington, United States Motion Recruitment Full timeJunior Security Control AssessorThis company is seeking a Security Control Assessor to join their Cyber Solutions Practice and support a team of Cyber Subject Matter Experts on a newly awarded contract in Washington, DC. This role will have an immediate impact on the DHS and the Intel community by providing innovative solutions for mission-critical cyber...
-
SCA II
1 month ago
Arlington, United States Watermark Risk Management International, LLC Full timeFOUNDED BY USAF VETERANS in 2007, we are proud to be a Service-Disabled Veteran Owned Small Business.Security Control Assessor (SCA) IIPerform assessment of ISs, based upon the Risk Management Framework (RMF) methodology in accordance with the Joint Special Access Program (SAP) Implementation Guide (JSIG)Advise the Information System Owner (ISO), Information...
-
Cybersecurity Security Control Assessor
2 days ago
Arlington, Virginia, United States Tau Six Full timeAbout the RoleTau Six, a leading provider of cutting-edge cybersecurity and system integration services to the US National Security market, is seeking a highly skilled Cybersecurity Security Control Assessor to join our team.Key ResponsibilitiesConduct and document comprehensive assessments of management, operational, and technical security controls employed...
-
Security Control Specialist
1 day ago
Arlington, Virginia, United States MAXIMUS Full time**Job Summary**Maximus is seeking a highly skilled Security Control Assessor to join our team in a DoD program in Arlington, VA. As a key member of our team, you will be responsible for conducting comprehensive assessments of management, operational, and technical security controls to ensure the highest level of security and compliance.**Key...
-
Security Control Specialist
5 days ago
Arlington, Virginia, United States MAXIMUS Full timeJob SummaryMaximus is seeking a highly skilled Security Control Specialist to join our team. As a Security Control Specialist, you will be responsible for conducting comprehensive assessments of security controls to ensure the effectiveness of our systems.Key ResponsibilitiesMonitor and evaluate system compliance with IT security, resilience, and...
-
Assessor
3 months ago
Arlington, United States ARM Consulting Full timeJob DescriptionJob DescriptionSalary: Company: ARM Consulting Position Title: AssessorPosition Category: Full TimeLocation: Rockville, Maryland (Remote Work)ARM Consulting (ARM) is a management and technology company that integrates a range of capabilities to assist government and...
-
Arlington, Virginia, United States Peraton Full timeKey ResponsibilitiesPosition: Senior SME RF Communications Risk AssessorLocation: Remote options available for local candidates.OVERVIEW:We are in search of a seasoned Senior SME RF Communications Risk Assessor to spearhead risk evaluation and mitigation initiatives for communication systems, with a primary focus on RF hardware emanations. This role demands...
-
Cybersecurity Assessor
7 days ago
Arlington, Virginia, United States ARM Consulting Full timeJob OverviewSalary: CompetitiveCompany: ARM ConsultingPosition Title: Cybersecurity AssessorPosition Category: Full TimeLocation: RemoteARM Consulting is a premier management and technology firm dedicated to delivering tailored solutions that empower government and commercial clients to navigate complex challenges while maximizing success. Our unique...
-
Cybersecurity Specialist
3 days ago
Arlington, Virginia, United States Motion Recruitment Full timeJob Summary:Motion Recruitment is seeking a highly skilled Cybersecurity Specialist to join our team in Washington DC. As a Junior Security Control Assessor, you will play a critical role in supporting our Cyber Solutions Practice and collaborating with a team of Cyber Subject Matter Experts on a newly awarded contract.About the Role:This is an exciting...
-
Senior Information System Security Manager
2 weeks ago
Arlington, United States Arlo Solutions Full timeCompany Summary Arlo Solutions (Arlo) is an information technology consulting services company that specializes in delivering technology solutions. Our reputation reflects the high quality of the talented Arlo Solutions team and the consultants working in partnership with our customers. Our mission is to understand and meet the needs of both our customers...
-
Cybersecurity Specialist
2 days ago
Arlington, Virginia, United States MAXIMUS Full timeJob Description**Job Summary:**Maximus is seeking a highly skilled Cybersecurity Specialist to join our team as a Security Control Assessor. The ideal candidate will have a strong background in risk management, information security, and compliance.Key Responsibilities:Conduct comprehensive assessments of security controls to determine their effectiveness in...
-
Cybersecurity Specialist
1 week ago
Arlington, Virginia, United States Motion Recruitment Full timeAbout the Role:Motion Recruitment is seeking a highly skilled Cybersecurity Specialist to join our team in a hybrid role. As a Junior Security Control Assessor, you will be responsible for conducting security assessments and implementing risk-based approaches to security control implementation and vulnerability remediation.Key Responsibilities:Conduct...
-
Senior Risk Management Specialist
2 weeks ago
Arlington, Virginia, United States Zermount, Inc Full timeJob OverviewPosition: Senior Risk AssessorMilitary Friendly & Preferred - HOH SponsorZermount Inc. is on the lookout for a Senior Risk Assessor who will take charge of preparing for risk evaluations, executing assessments, crafting reports, and proposing strategies to minimize risks. This role involves evaluating systems, technologies, designs,...
-
Senior Security Control Evaluator
2 weeks ago
Arlington, Virginia, United States MAXIMUS Full timeMaximus is seeking a highly qualified and seasoned Senior Security Control Evaluator to become a vital part of our Department of Defense (DOD) team. In this pivotal role, you will oversee and facilitate the evaluation of security controls for information systems, ensuring compliance with DOD standards and protocols. The ideal candidate will possess a...
-
Transportation Security Officer
4 days ago
Arlington, Virginia, United States Transportation Security Administration Full timeAbout the RoleWe are seeking a highly skilled and dedicated Transportation Security Officer to join our team at the Transportation Security Administration. As a key member of our security team, you will play a critical role in ensuring the safety and security of air travelers, airports, and aircraft.Key ResponsibilitiesScreening and Security: Operate various...
-
Armed Security Specialist
2 months ago
Arlington, United States Eagle Security Group Full timeJob DescriptionJob DescriptionJOB DESCRIPTION:The primary goal of this position is to ensure all security operation functions are performed accurately and efficiently to provide a safe and secure environment for the client and their assets. This is a highly visible customer-facing role that entails regular interaction with the client’s employees and their...
-
Experienced Electronic Security Specialist
2 weeks ago
Arlington, Texas, United States NextGen Security LLC Full timeJob OverviewCompany: NextGen Security LLCLocation: Not SpecifiedIndustry: Security SolutionsEmployment Type: Full-TimeExperience Required: Minimum 5 years in security project leadership, with at least 3 years in supervising subcontractorsCareer Level: Experienced (Non-Managerial)Exemption Status: ExemptPosition: Senior TechnicianRole Summary:We are seeking a...
-
Arlington, Virginia, United States Amazon Inc Full timeAbout the RoleAt Amazon Inc., we prioritize security above all else. Our Security Assurance team is responsible for delving deep into industry requirements, maintaining regulatory and security standards, and establishing strategies to meet current and future security needs.Key ResponsibilitiesDevelop and maintain regulatory and security requirementsEstablish...
-
Security Control Evaluator
7 days ago
Arlington, Virginia, United States General Dynamics Information Technology Full timePosition Overview: The Security Control Evaluator (SCE) III plays a critical role in performing a thorough evaluation of the management, operational, and technical security measures implemented within or associated with an Information System (IS). The primary objective is to assess the overall efficacy of these measures, ensuring they are correctly applied,...