Security Control Assessor 2018-C-101

Springfield, VA · Government/Military
Join ICES on a newly awarded contract impacting national security as a Security Control Assessor. These positions are located in Springfield, VA. All positions require U.S. citizenship and an active/current TS/SCI security clearance with Counterintelligence Polygraph, and candidates must be willing and able to pass an additional polygraph as needed.
As a Security Control Auditor, specific responsibilities include, but are not limited to:
  • Select and allocate appropriate security controls for information systems based on data types
  • Identify, prioritize, and determine security risk impacts to information systems and their data
  • Monitor the information system's Plan of Action & Milestones (POA&Ms) to confirm findings, recommendations, risk mitigation strategies, and milestones
  • Perform configuration management of a client central repository for authorization documentation (i.e., Body of Evidence (BOE)), which is maintained using an A&A workflow software application
  • Review and compile the BOE (i.e., security control allocations, security control implementations, test results, Security Assessment Reports (SARs), POA&Ms, risk acceptance recommendations, and risk mitigation strategies) to support the recommendation for client risk acceptance authorization decisions
  • Review SARs, verify test results, and create POA&Ms to document corrective actions with milestone completion dates
  • Assist in developing risk mitigation strategies, solutions, and recommendations by reviewing security test results, reviewing security control assessments, and participating in security design reviews and milestone decision boards
  • Develop and document risk assessment results and recommendations using identified threats, applicable vulnerabilities, and likelihood of occurrence within the context of client risk tolerances
  • Provide guidance to Program Managers (PMs) and Information Systems Owners (ISOs) for securing information systems in accordance with ICD 503, CNSSI 1253, and NIST SP 800-30, 800-37, 800-39, and 800-137
  • Provide guidance and recommendations concerning the impact to client risk management processes of new or revised IC and DoD policies, directives, and guidance
  • Promote an understanding and use of Enterprise Security Services (ESS) to enable consistent, efficient, and effective security control implementation throughout the System Development Lifecycle (SDLC)
Required Qualifications:
  • Hold and maintain a current, active TS/SCI U.S. Government security clearance
  • Bachelor’s Degree in Information Technology, Information Systems Security, Cybersecurity, or related field
  • 5+ years of relevant consulting or industry experience
  • Proven experience effectively prioritizing workload to meet deadlines and work objectives
  • Demonstrated ability to write clearly, succinctly, and in a manner that appeals to a wide audience
  • Proficiency in word processing, spreadsheet, and presentation creation tools, as well as Internet research tools
  • Hold or earn an IAT/IAM Level III security certification. Certifications include: CISSP, CISM, CISA, CASP, CCNP Security, GCED, GCIH, or GSLC.
Desirable Qualifications:
  • Previous Federal Consulting experience
  • Understanding of fundamental cloud computing concepts
  • Experience with Information Assurance concepts and processes within the Federal government
  • Knowledge of and experience with Federal security regulations, standards, and processes including FISMA, FIPS, NIST, and FedRAMP