Senior Security Control Assessor

Job Number: 55 Job Category: GovTech Job Title: SENIOR SECURITY CONTROL ASSESSOR - VIRGINA - URGENT Job Type: Full-time Clearance Level: Top secret/SCI Work Arrangement: Remote Job Location: Arlington VA Salary: 200k - 250k Background Provide the AO with an independent risk assessment of assigned systems and an authorization
Advise program managers on AO determination utilizing OVL documentation
Provide senior advisory support to CDAO AO regarding authorizations of CDAO capabilities
Utilize expert knowledge and experience regarding risk management strategies in support of a major DoD program
Providing support regarding the agile authorization and OVL processes
Provide independent risk analysis and recommendation
Collaborate between the AO and the program as well as program leadership
Identify the security baseline based on the mission and security impacts to the system
Determine assessment criteria, develop, review, and create a plan to assess the security requirements
Assess the security requirements in accordance with the assessment procedures defined in the security
Assessment plan (SAP)
Prepare the SAR
Monitor POAM actions based on findings and reassess remediated risk(s) as appropriate
Develop the risk recommendation and AO determination brief
Develop a system-level continuous monitoring strategy
Author and present briefs regarding status of authorizations to AO and other senior government officials
Provides security architecture and DoD compliance advisory support
Perform other duties Requirements Bachelor's degree in computer science/information technology, or other related degree fields (master's degree is preferred or at least 10 years of related experience)
At least 10+ years of cybersecurity experience including a senior technical or management role, project or program management experience
At least 1 IAT/IAM or equivalent security certifications ex. CISSP, CCSP, CISM, CISA, or CASP
Must have an active TS/SCI security clearance Preferred Have a strong background in ISSM, risk management, and GRC
Strong clients focus and commitment to continuous improvement, ability to proactively network and establish relationships
Manage multiple priorities in a high-paced and fast-changing environment
Experience supporting and assessing risks within a CI/CD DevSecOps environment
Key areas of experience would include data mesh, data orchestration, control gates review, and vulnerability management within a pipeline
Expansive knowledge with integrating IaaS, PaaS, and SaaS offerings into government cloud environments (ie. AWS, AZURE & GCP)
Experience would include cloud compute, cloud storage, cloud native solutions, cloud data transfer, cross domain solutions, and cloud networking
Experience assessing STIGs, cloud compliance guides, Shares responsibility models, and system mission owner responsibilities within government cloud environments
Experience working with OSD leadership or military component or branch
Expert understanding of NIST 800 series guidelines, DoDI 8500.01, DoD 8140.03, rISO 27001, COBIT, DoD RMF, OVL, and current cybersecurity best practices
Excellent communication/presentation skills briefing senior military and government civilian leadership
Experienced with writing policies, guides, procedures
Experience in hands on with eMASS, Xacta and/or other GRC tools
Experience with federal and fedRamp A&A processes
Experienced and comfortable advising at the SES level of customers