Overview:
GovCIO is currently hiring for a Security Control Assessor with a TS/SCI clearance in Washington, DC (4 days onsite, 1 day remote).
Responsibilities:
* Provide an assessment of the severity of weaknesses or deficiencies discovered in the information system and its environment of operation and recommend corrective actions to address identified vulnerabilities
* Prepare the final security assessment report containing the results and findings from the assessment. Prior to initiating the security control assessment, an assessor conducts an assessment of the security plan to help ensure that the plan provides a set of security controls for the information system that meet the stated security requirements
* Review and approve the IS Security Control Assessment Procedures, the Security Assessment Plan, the System Security Plan (SSP), and the Security Control Traceability Matrix (SCTM)
* Perform configuration management of a client central repository for authorization documentation (i.e., Body of Evidence (BOE)), which is maintained using an A&A workflow software application
* Review and compile the BOE (i.e., security control allocations, security control implementations, test results, Security Assessment Reports (SARs), POA&Ms, risk acceptance recommendations, and risk mitigation strategies) to support the recommendation for client risk acceptance authorization decisions
* Review SARs, verify test results, and create POA&Ms to document corrective actions with milestone completion dates
Qualifications:
* Bachelor's degree with 8+ years of experience as a Security Control Assessor (or commensurate experience)
* Experience conducting security control assessment of all NIST 800-53 controls.
* Senior-level security control assessors should have 7 to 10 years of experience.
* At least one of the following certifications: Security+, CAP
* Technical understanding (understanding network diagrams, vulnerability and compliance scans)
* Experience creating and maintaining various security documents such as the Security Control Plan/Vulnerability Security Review (SCP/VSR), System Backup and Recovery Plans (SBRP), and Plan of Action and Milestones (POA&M) tables
* Excellent communication skills (written and oral)
* Experience creating and maintaining various security documents such as the Security Assessment Plan
* Thorough knowledge of NIST 800-53 security controls and required documentation
* Conduct security control assessments based on a Risk Management Framework approach
* Experience conducting risk assessments and developing security assessment reports
* Clearance Required: An active TS/SCI clearance is required