SENIOR SECURITY CONTROL ASSESSOR - VIRGINA - URGENT

Job Number: 55

Job Category: GovTech

Job Title: SENIOR SECURITY CONTROL ASSESSOR - VIRGINA - URGENT

Job Type: Full-time

Clearance Level: Top secret/SCI

Work Arrangement: Remote

Job Location: Arlington VA

Salary: 200k - 250k

Background

• Provide the AO with an independent risk assessment of assigned systems and an authorization
• Advise program managers on AO determination utilizing OVL documentation
• Provide senior advisory support to CDAO AO regarding authorizations of CDAO capabilities
• Utilize expert knowledge and experience regarding risk management strategies in support of a major DoD program
• Providing support regarding the agile authorization and OVL processes
• Provide independent risk analysis and recommendation
• Collaborate between the AO and the program as well as program leadership
• Identify the security baseline based on the mission and security impacts to the system
• Determine assessment criteria, develop, review, and create a plan to assess the security requirements
• Assess the security requirements in accordance with the assessment procedures defined in the security
• Assessment plan (SAP)
• Prepare the SAR
• Monitor POAM actions based on findings and reassess remediated risk(s) as appropriate
• Develop the risk recommendation and AO determination brief
• Develop a system-level continuous monitoring strategy
• Author and present briefs regarding status of authorizations to AO and other senior government officials
• Provides security architecture and DoD compliance advisory support
• Perform other duties

Requirements

• Bachelor's degree in computer science/information technology, or other related degree fields (master's degree is preferred or at least 10 years of related experience)
• At least 10+ years of cybersecurity experience including a senior technical or management role, project or program management experience
• At least 1 IAT/IAM or equivalent security certifications ex. CISSP, CCSP, CISM, CISA, or CASP
• Must have an active TS/SCI security clearance

Preferred

• Have a strong background in ISSM, risk management, and GRC
• Strong clients focus and commitment to continuous improvement, ability to proactively network and establish relationships
• Manage multiple priorities in a high-paced and fast-changing environment
• Experience supporting and assessing risks within a CI/CD DevSecOps environment
• Key areas of experience would include data mesh, data orchestration, control gates review, and vulnerability management within a pipeline
• Expansive knowledge with integrating IaaS, PaaS, and SaaS offerings into government cloud environments (ie. AWS, AZURE & GCP)
• Experience would include cloud compute, cloud storage, cloud native solutions, cloud data transfer, cross domain solutions, and cloud networking
• Experience assessing STIGs, cloud compliance guides, Shares responsibility models, and system mission owner responsibilities within government cloud environments
• Experience working with OSD leadership or military component or branch
• Expert understanding of NIST 800 series guidelines, DoDI 8500.01, DoD 8140.03, rISO 27001, COBIT, DoD RMF, OVL, and current cybersecurity best practices
• Excellent communication/presentation skills briefing senior military and government civilian leadership
• Experienced with writing policies, guides, procedures
• Experience in hands on with eMASS, Xacta and/or other GRC tools
• Experience with federal and fedRamp A&A processes
• Experienced and comfortable advising at the SES level of customers