Security Control Assessor - Team Lead - Zermount, Inc

Security Control Assessor Team Lead

MILITARY FRIENDLY & PREFERRED - HOH SPONSOR

Summary

Zermount Inc. is seeking a Security Control Assessor Team Lead who will play a vital role in leading multiple teams on large projects. The System Security Assessment Team Lead will oversee all aspects of the Assessment Team ensuring the performance of complex risk analyses, including risk assessments. The System Security Assessment Team Lead will determine information assurance based upon the analysis of technical, user, policy, regulatory, and resource implementations. They will also support customers at the highest levels in the analysis of the implementation of doctrine and policies.

Duties & Responsibilities

• Serve as the liaison to System Owners for completing all Security Authorization, Preliminary Risk Assessment, and ad hoc Risk Assessment efforts.
• Assess all applicable security controls defined in the mandated DHS Compliance tool and applicable to the systems under their purview.
• Assess the completeness and accuracy of system a FIPS-199, Privacy Threshold Analysis (PTS), E-Authorization, Contingency Plans (CPs), Contingency Plan Tests, Security Plans.
• Develop SA Package documentation to include Security Assessment Plans (SAP), Security Assessment Reports (SAR), ATO Letters, ATO Recommendation Memo, Risk Assessment Memos, Findings and recommended POA&M Matrices.
• Analyze evidence for ATO efforts and store results in the mandated DHS Compliance Tool and/or in a separate customer repository.
• Manage mini teams to ensure all SA Activities are completed.
• Ensure results are documented completely and accurately in the mandated DHS Compliance Tool at the operating system, application and database levels.
• Provide Recommendations for refining and/or improving existing RMF processes and procedures and support implementation of these changes.
• In view of the remote nature of the contract, an individual, and Team Weekly Status Report and Briefing are required deliverables for tasks assigned. Must have the ability to effectively develop weekly status reports, that are consistent, well structured, answer to all the assigned management templates guidelines, and are in alignment with the task area. At a minimum the weekly status report should reflect the following: Weekly work accomplished, 2 weeks of ongoing and planned tasks, Risks, and issues impacting tasks assigned
• The report format will be primarily MS PowerPoint and MS Project (or other MS tools as required by the management team).
• All Deliverables shall be at a level of accuracy that does not require "return for correction" for typographical and grammatical errors. (Repetitive requests for correction by the management or Government team may result in a determination of failing to meet the basic standards for professional writing, reporting, accuracy, quality, and completeness of the contractual requirements for deliverables.)
• Must have the ability to prepare to present, brief, and explain; all information captured in weekly status report to management and/or government client.
• Conduct SCA and provide quality assurance and SCA expertise to other team members.

Qualifications

• A minimum of ten (10) years of IT cybersecurity experience including direct support for the US Government and seven (7) years actin as an ISSO, assessor, or compliance analyst for enterprise IT systems, or a relevant Master's degree in IT, Computer Science, or Engineering and seven (7) years of IT cybersecurity experience including direct support for the US Government and five (5) years acting as an ISSO, assessor, or compliance analyst.
• Knowledge of NIST Guidelines and FISMA Cybersecurity compliance requirements.
• Experience and knowledge of Executive Orders (EO's), Office of Management and Budget (OMB) Memorandums, Federal, DoD and CISA Technical Reference Architectures, Maturity Models, NIST guidance, FISMA, Cloud, and Risk Management Framework (RMF). Knowledge of NIST Guidelines and FISMA Cybersecurity compliance requirements.
• Technical knowledge of complex enterprise IT systems
• Knowledge of and experience using relevant cybersecurity and analysis tools such as Archer, Tenable, Nessus Security Center, Splunk, etc.
• Experience communicating effectively, both oral and written, with technical, non-technical, and executive-level customers.
• Understanding of zero trust principles is beneficial but not required.
• Proficient in risk assessment methodologies and security architecture frameworks.
• Technical knowledge of complex enterprise IT systems.
• Experience with cloud-based environments and technologies is preferred.
• Knowledge of common cybersecurity threats, risks, and vulnerabilities and how to mitigate them.
• Excellent communication skills, with the ability to explain complex concepts in a clear, concise manner.
• Technical knowledge of IT systems and implementation of security controls.
• Strong problem-solving skills, proactive attitude towards identifying potential issues and implementing solutions.
• The ability to organize and motivate a project team.
• Must be able to conduct system analysis to detect issues with performance.

Education

Master's degree preferable but professional experience is Permitted:

• A relevant master's degree in IT, Computer Science, or Engineering and 7 years of IT cybersecurity experience including direct support for the US Government and 5 years acting as an ISSO, assessor, or compliance analyst for enterprise IT systems OR
• A minimum of 10 years of IT cybersecurity experience including direct support for the US Government and 7 years acting as an ISSO, assessor, or compliance analyst for enterprise IT systems.

Certifications and Training (Required)

At least one of the following security certifications:

· Certified Authorization Professional (CAP)

· Certified Information Systems Security Officer (CISSO)

· Certified Information Security Manager (CISM)

· Certified Information Systems Security Professional (CISSP)

Clearance Level

Minimum of active Secret Clearance.

Work Location

Remote

Hours of Operation

Business Hours: 9:00 am EST - 5:00 pm EST.