Job Details

ID #44867688
State District of Columbia
City Washington
Job type Permanent
Salary USD TBD TBD
Source AAC Inc
Showed 2022-08-14
Date 2022-08-13
Deadline 2022-10-12
Category Et cetera

Security Control Assessor

District of Columbia, Washington, 20001 Washington USA

Vacancy expired!

Conducts independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an IT system to determine the overall effectiveness of the controls.

  • Implement an IT Security Review and Assistance Program to aid the ISSOs in authoring security assessment and authorization documentation.
  • Schedule IT security review and assistance visits, ensure these visits are completed, and participate in them.
  • Coordinate with ISSOs and provide guidance and oversight in identifying and documenting deficiencies and prioritizing them based on the mission, risk, and funding.
  • Evaluate configurations and implementation of firewalls, proxy servers, routers, Virtual Private Networks (VPNs), Intrusion Detection System (IDS), wireless networks, etc. against legal requirements, departmental/local policy, industry best practices and vendor recommendations.
  • Review National Institute of Standards and Technology (NIST) publications applicable to FISMA and other directives for applicability to the agency's IT Security Program.
  • Support the CISO's continuous monitoring initiatives by collecting, compiling, and providing monthly Compliance & Testing submissions for inclusion within CyberScope.
  • Develop methods to monitor and measure risk, compliance, and assurance efforts.
  • Assess the effectiveness of security controls.
  • Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
  • Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence).
  • Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.

  • Bachelor's degree in Information Systems/Information Technology, Computer Science, Cybersecurity, or related field is desired.
  • Requires a minimum of 7 years' experience performing IT Assessments.
  • Experience developing risk assessment reports based on review of security plans and interviews with developers/customers to assess systems against information assurance policies, regulations, and instructions.
  • Experience providing threat analysis based on identified security vulnerabilities.
  • Experience testing security architectures and applications, identifying vulnerabilities, and providing security remediation.
  • Knowledge of cybersecurity principles and relevant laws, policies, procedures, or governance related to critical infrastructure.
  • Knowledge of the Security Assessment and Authorization process.
  • Knowledge of Risk Management Framework (RMF) requirements.
  • Excellent oral and written communication skills.
  • Requires active CISSP or CISM certification.
  • Requires active ISC2 CAP, CASP, or CISA certification.
  • Must be able to obtain DHS Public Trust prior to start date.
