Security Controls Assessor
GreenZone Solutions, Inc. is conducting a search for a Security Controls Assessor for our client based in Washington DC. Our client is an agency that promotes financial stability by looking across the financial system to measure and analyze risks, perform essential research, and collect and standardize financial data.
The ideal candidate is a highly motivated and capable professional. Reporting to a Senior Lead, the SCA will support the agency by assessing current and future systems against industry standards (NIST) and organizational policies to ensure compliance, so that systems receive Authorization to Operate (ATO) as part of the Assessment and Authorization (A&A) process. The SCA will be able to support and develop security documentation and specific artifacts as part of the Risk Management Framework. This is a full-time, direct-hire opportunity that offers great benefits with a growing organization.
- Conduct IT controls risk assessments that include reviewing organizational policies, standards, procedures, and NIST guidelines
- Evaluate policies, procedures, security scan results, and system settings to address controls found insufficient while conducting the A&A and Risk Management Framework efforts
- Analyze controls and conduct compliance / validation
- Document and review system security plans (SSP)
- Create the Security Assessment Report, Security Assessment Plan, and other documents per NIST 800 guidelines
- Collaborate with agency officials and prepare briefing materials
- Participate in client status meetings, and submit weekly / monthly status reports
- Participate in conducting security scans or review of security materials
- Create Plan of Action and Milestones (POA&M) for vulnerabilities identified through the assessment and security scans
- Expert at supporting cloud-based security authorizations (FedRAMP and AWS)
- 5+ years serving in a lead role, managing tasks, schedules, resource allocation, and communication with key stakeholders, etc.
- 5+ years as Subject Matter Expert (SME) with NIST SP 800-53, 800-37, 800-115, and 800-30
- 5+ years performing security assessments
- 5+ years of experience creating Security Assessment Plans, Security Assessment Reports, and Executive-level briefings
- 5+ years of experience with vulnerability scanning tools such as Nessus, McAfee Vulnerability Manager (MVM), HP WebInspect, QualysGuard, RedSeal, AppDetective, Burp Suite, and Wireshark
- Bachelor's Degree in Cyber Security or Information Systems Management or related field
- Experience configuring solutions for systems
- Experience with system security plans, disaster recovery plans, COOP plans, incident response plans, ISAs, and MOUs
- Experience with report writing and analysis
- Exposure to data migration and custom code development
- 5+ years of experience with scripting and automation
At GreenZone, we are dedicated to obtaining and maintaining the highest level of employee satisfaction by offering a competitive benefits package that includes medical, dental and vision, short- and long-term disability, retirement plan and company match, a generous annual leave plan, and a commitment to providing a work/life balance for all employees.