Security Control Assessor - Arlington, United States - Zermount Inc

Zermount Inc
Zermount Inc
Verified Company
Arlington, United States

3 weeks ago

Mark Lane

Posted by:

Mark Lane

beBee recruiter
Description

Security Control Assessor Team Lead:


MILITARY FRIENDLY & PREFERRED - HOH SPONSOR:

Summary
Zermount Inc.

is seeking a Security Control Assessor Team Lead who will play a vital role in leading multiple teams on large projects.

The System Security Assessment Team Lead will oversee all aspects of the Assessment Team ensuring the performance of complex risk analyses, including risk assessments.

The System Security Assessment Team Lead will determine information assurance based upon the analysis of technical, user, policy, regulatory, and resource implementations.

They will also support customers at the highest levels in the analysis of the implementation of doctrine and policies.


Duties & Responsibilities

  • Serve as the liaison to System Owners for completing all Security Authorization, Preliminary Risk Assessment, and ad hoc Risk Assessment efforts.
  • Assess all applicable security controls defined in the mandated DHS Compliance tool and applicable to the systems under their purview.
  • Assess the completeness and accuracy of system a FIPS199, Privacy Threshold Analysis (PTS), E-Authorization, Contingency Plans (CPs), Contingency Plan Tests, Security Plans.
  • Develop SA Package documentation to include Security Assessment Plans (SAP), Security Assessment Reports (SAR), ATO Letters, ATO Recommendation Memo, Risk Assessment Memos, Findings and recommended POA&M Matrices.
  • Analyze evidence for ATO efforts and store results in the mandated DHS Compliance Tool and/or in a separate customer repository.
  • Manage mini teams to ensure all SA Activities are completed.
  • Provide Recommendations for refining and/or improving existing RMF processes and procedures and support implementation of these changes.
  • In view of the remote nature of the contract, an individual, and Team Weekly Status Report and Briefing are required deliverables for tasks assigned. Must have the ability to effectively develop weekly status reports, that are consistent, well structured, answer to all the assigned management templates guidelines, and are in alignment with the task area.
At a minimum the weekly status report should reflect the following:
Weekly work accomplished, 2 weeks of ongoing and planned tasks, Risks, and issues impacting tasks assigned

  • The report format will be primarily MS PowerPoint and MS Project (or other MS tools as required by the management team).
  • All Deliverables shall be at a level of accuracy that does not require "return for correction" for typographical and grammatical errors. (Repetitive requests for correction by the management or Government team may result in a determination of failing to meet the basic standards for professional writing, reporting, accuracy, quality, and completeness of the contractual requirements for deliverables.)
  • Must have the ability to prepare to present, brief, and explain; all information captured in weekly status report to management and/or government client.
  • Conduct SCA and provide quality assurance and SCA expertise to other team members.

Qualifications

  • A minimum of ten (10) years of IT cybersecurity experience including direct support for the US Government and seven (7) years actin as an ISSO, assessor, or compliance analyst for enterprise IT systems, or a relevant Master's degree in IT, Computer Science, or Engineering and seven (7) years of IT cybersecurity experience including direct support for the US Government and five (5) years acting as an ISSO, assessor, or compliance analyst.
  • Knowledge of NIST Guidelines and FISMA Cybersecurity compliance requirements.
  • Experience and knowledge of Executive Orders (EO's), Office of Management and Budget (OMB) Memorandums, Federal, DoD and CISA Technical Reference Architectures, Maturity Models, NIST guidance, FISMA, Cloud, and Risk Management Framework (RMF). Knowledge of NIST Guidelines and FISMA Cybersecurity compliance requirements.
  • Technical knowledge of complex enterprise IT systems
  • Knowledge of and experience using relevant cybersecurity and analysis tools such as Archer, Tenable, Nessus Security Center, Splunk, etc.
  • Experience communicating effectively, both oral and written, with technical, nontechnical, and executivelevel customers.
  • Understanding of zero trust principles is beneficial but not required.
  • Proficient in risk assessment methodologies and security architecture frameworks.
  • Technical knowledge of complex enterprise IT systems
.

  • Experience with cloudbased environments and technologies is preferred.
  • Knowledge of common cybersecurity threats, risks, and vulnerabilities and how to mitigate them.
  • Excellent communication skills, with the ability to explain complex concepts in a clear, concise manner.
  • Technical knowledge of IT systems and implementation of security controls.
  • Strong problemsolving skills, proactive attitude towards identifying potential issues and implementing solutions.
  • The ability to organize and motivate a project team.
  • Must be able to conduct sys
More jobs from Zermount Inc
See all jobs of Zermount Inc