Junior Security Control Assessor (On-Site) in Washington, District of Columbia at Crest Security Assurance
Explore Related Opportunities
Job Description
REQUIREMENTS:
At least 2 of experience performing the functions associated with this labor category.
- Experience performing control assessments as part of a team in accordance with applicable NIST standards (NIST 800-53, Rev 5, or newer version, as applicable).
- Experience preparing control assessment plans, executing technical and non-technical assessments actions, evaluating the risk associated with areas of deficiency, and documenting detailed findings and executive-level summaries of assessment results.
- Experience briefing stakeholders on key findings, recommendations, risks, and impacts.
- Experience providing direct support of information security compliance activities, including managing plans of actions and milestones (POA&Ms) and inventories of information systems.
- Understanding of relevant laws and regulations, such as NIST guidance and OMB memoranda. This includes knowledge of the NIST Risk Management Framework and familiarity with key publications like NIST SP 800-37, 800-53, and 800-171.
- Experience conducting security assessments on federal systems.
- Experience assessing and mitigating risks associated with cybersecurity and data privacy.
- Experience developing and implementing compliance programs, conducting risk assessments, and advising on compliance-related issues.
- Experience with the system Authorization to Operate process, including understanding the documentation required, the levels of approval needed, and the most effective ways to manage this process within a federal environment.
- Basic understanding of procurement processes and contract language requirements for federal mandates.
- Experience communicating complex regulatory and compliance information in a clear and concise manner.
- Experience tracking and reporting on training and awareness program performance, including calculating metrics to help measure the effectiveness of security, privacy, and social engineering training.
RESPONSIBILITIES:
The candidate shall provide support for the customer’s security compliance program that includes, but is not limited to, the following tasks:
• Work with system owners, support teams, developers, vendors, and other stakeholders as necessary to conduct control assessments.
• Ensure that plans of action and milestones (POAMs) are properly tracked, managed, and remediated.
• Assist with inventory management for security and privacy assets.
• Support training and awareness activities by developing metrics and producing reports on program effectiveness.
• Assist with the design and implementation of an authorization process that aligns with NIST standards, ensuring that new systems or significant changes to existing systems undergo proper security assessments before being authorized for operation with the environment.
• Assist with the development of a detailed security assessment framework based on NIST standards, identifying the appropriate tools, techniques, and metrics for evaluating the security of systems and applications.
• Conduct security assessments, identify vulnerabilities, document findings, and propose remediation strategies to address any identified security gaps
PLACE OF PERFORMANCE:
The selected candidate shall work on-site in the Board's Washington, DC premises 5 days per week.
CITIZEN STATUS:
US Citizen is required.
PREFERRED CERTIFICATIONS:
Certified Information Systems Security Professional (CISSP)
GIAC Security Essentials Certification (GSEC)