(178) Senior Security Control Assessor

Strong background in information security systems management (ISSM), risk management, and governance, risk and compliance (GRC). Experience supporting and assessing risks within a CI/CD DevSecOps environment. Expansive knowledge with integrating IaaS, PaaS, and SaaS offerings into government cloud environments (AWS, AZURE & GCP). Experience assessing STIGs, Cloud Compliance Guides, Shares responsibility models, and System Mission Owner responsibilities within Government Cloud Environments. Experience working with OSD leadership or Military component or branch. Expert understanding of NIST 800 series guidelines, DoDI 8500.01, DoD 8140.03, rISO 27001, COBIT, DoD RMF, OVL, and current cybersecurity best practices. Excellent communication/presentation skills briefing senior military and government civilian leadership. Experienced with writing policies, guides, procedures. Experience in hands on with eMASS, Xacta and/or other GRC tools. Experience with Federal and FedRamp A&A Processes. Experienced and comfortable advising at the Senior Executive Service (SES) level of customers. Bachelor’s degree in computer science/information technology, or other related degree fields (master’s degree is preferred or at least 10 years of related experience). At least 10+ years of cybersecurity experience including a senior technical or management role. At least one IAT/IAM or equivalent security certifications ex. CISSP, CCSP, CISM, CISA, or CASP.

Provide independent risk assessment of assigned systems. Advise Program Managers on Authorization Official determination. Provide senior advisory support to CDAO AO regarding authorizations. Utilize expert knowledge in risk management strategies. Support agile authorization and OVL processes. Provide independent risk analysis and recommendation. Collaborate between the AO and the program. Identify security baseline based on mission and security impacts. Determine assessment criteria, develop, review, and create a plan to assess security requirements. Assess security requirements in accordance with assessment procedures. Prepare the Security Assessment Report (SAR). Monitor POAM actions and reassess remediated risk(s). Develop the Risk Recommendation and AO Determination Brief. Develop a system-level continuous monitoring strategy. Author and present briefs regarding authorization status. Provide security architecture and DoD compliance advisory support.