Title: Senior Security Control Assessor
The Senior Security Control Assessor will be responsible for overseeing and leading the overall duties of the Security Control Assessors. The role includes conducting a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by an Information System (IS) to determine the overall effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system). The assessor also provides an assessment of the severity of weaknesses or deficiencies discovered in the information system and its environment of operation and recommends corrective actions to address identified vulnerabilities.
- Implementing RMF for A&A
- NIST SP 800 series guidance (800-37, 800-53, 800-53A, 800-137, etc.)
- Information Assurance Vulnerability Management (IAVM)
- Establishing, executing, and managing Information Security Continuous Monitoring (ISCM)/Continuous Monitoring (ConMon)
- CS and vulnerability assessments, analysis, and risk calculation
- Risk mitigation and resolution strategies
- Incident response and handling processes and procedures
- Ability to clearly articulate cyber risks in terms of operational impact
Knowledge, Skills and Experience:
- BS degree in a computer or system science discipline from an accredited college or university.
- 10+ years of experience conducting security control assessment of all NIST 800-53 controls.
- Certification(s) in information technology (i.e. CISSP).
- Thorough knowledge of NIST 800-53 security controls and required documentation.
- Conducted security control assessments based on a Risk Management Framework approach.