Security Compliance Assessor

Responsibilities and Duties:

· Support assessment and authorization (A&A) efforts under the NIST Risk Management Framework (RMF) and FedRAMP on behalf of a federal civilian agency as a contractor; identify potential risks associated with system configuration and advise on possible mitigation strategies.

· Conduct cybersecurity analysis in preparation for A&A, including review and validation of all associated cybersecurity documentation and technical controls.

· Prepare and review System Security Plans (SSPs), Contingency Plans, Business Impact Analyses (BIAs), Plans of Action and Milestones (POA&Ms), Security Assessment Reports (SARs), Security Assessment Plans (SAPs), and other documentation.

· Work with and identify key stakeholders in support of A&A efforts and ensure system documentation reflects current system security configurations, including hardware and software components, data flow, interconnections, and ports, protocols, and services.

· Participate in A&A status meetings and facilitate moving systems toward a successful A&A effort.

· Assist with estimating the Level of Effort (LOE) involved in performing A&A activities and with developing and maintaining schedules.

· Assist customer program offices in interpreting and applying mitigation strategies.

· Conduct annual Continuous Monitoring Compliance Checks and analyze system assessment documentation for accuracy, compliance, and adherence to federal cybersecurity requirements.

· Work with and identify key stakeholders for annual assessments as needed, including conducting OMB A-123 compliance assessments and high-level assessments of government shared services.

· Maintain cybersecurity policy and processes as assigned.

· Manage and track systems or programs involved in the A&A process as they cycle through RMF/FedRAMP.

· Develop and implement security-related directives and guidance for Information Assurance, Information Technology, and Information Management.

· Develop and deliver monthly POA&M and ATO reports to management.

· Promote an environment of continuous process improvement, learning, and team collaboration.


Minimum Qualifications

·         Must possess a bachelor’s degree in a related field

·         TS/SCI eligibility

· 5+ years of experience in the following areas: cybersecurity policy, procedures, and processes, including RMF, NIST SP 800-53, and A&As

·         One or more of the following certifications is desired (Security+, CAP, CISSP, CISM, GSEC, GCIH, or GSLC)

· Familiarity with information security and assurance principles and associated supporting technologies

·         Excellent customer service, organizational, and writing skills
