About the role: We are seeking an experienced and highly skilled Lead Security Controls Assessor (SCA) to join our team. The ideal candidate will have a strong foundation in cybersecurity and information technology, particularly in Risk Management Framework (RMF), A&A (Assessment and Authorization) documentation development, and evaluating the effectiveness of security controls. This role involves assessing risks and vulnerabilities and recommending corrective actions to ensure compliance with federal standards and industry best practices.

Role description:

• Lead and support the development of A&A documentation, ensuring adherence to Risk Management Framework (RMF) standards.

• Assess and evaluate the implementation and effectiveness of security controls within information systems.

• Conduct thorough risk and vulnerability assessments to identify potential security weaknesses or deficiencies.

• Prepare comprehensive Security Assessment Reports (SAR), including initial and final drafts.

• Identify and assess the severity of security weaknesses and deficiencies, providing recommendations for corrective actions.

• Support Assessment and Authorization (A&A) processes, including independent verification and validation (IV&V) testing.

• Provide cybersecurity response and remediation support services to address vulnerabilities and strengthen security posture.

• Collaborate with cross-functional teams to ensure timely, compliant, and effective implementation of security measures.

Required Qualifications & Education:

• BS/BA Degree in Cybersecurity or Information Technology from a U.S. accredited college, university, or institution;

• 5 years of experience working with Risk Management Framework, A&A documentation development, and assessing controls;

• Certified in Governance, Risk and Compliance (CGRC), Certified Information Systems Security Professional (CISSP) certifications or equivalent certification(s);

• Experience evaluating the implementation and effectiveness of the security controls of information systems;

• Experience assessing the severity of any weaknesses or deficiencies and recommending corrective actions;

• Experience preparing an initial and final Security Assessment Report (SAR);

• Experience in Assessment and Authorization (A&A) support and independent verification and validation (IV&V) testing;

• Experience conducting risk and vulnerability assessments;

• Experience providing response and remediation support services; and

• Excellent oral, writing, and team skills.

Clearance and Location Requirements:

• Able to be cleared for a Public Trust clearance.

• This position requires being onsite 3 days per week in Washington, DC.

Washington, DC

Hybrid
