Tetrad Digital Integrity LLC

Security Control Assessor

US-DC
2 months ago
ID: 2017-1095
# of Openings: 5
Category: Information Technology

Overview

TDI is seeking a Security Control Assessor to conduct a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by an Information System (IS) to determine the overall effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system). The Security Control Assessor will provide an assessment of the severity of weaknesses or deficiencies discovered in the information system and its environment of operation and recommend corrective actions to address identified vulnerabilities.

Responsibilities

  • Facilitate the completion of the NIST RMF process;
  • Document the system boundary;
  • Update documents according to changes in the environment;
  • Assess security controls;
  • Document security assessment (SCA);
  • Document the assessment findings in the Security Assessment Report (SAR);
  • Address comments and provide feedback from the findings as needed;
  • Provide independent RMF Step 4 documentation review and security assessment services in support of A&A;
  • Apply the standard policy and procedure templates and tools;
  • Implement an Assurance Policy that is detailed, relevant and clear;
  • Develop effective Standard Operating Procedures and Guidelines; and
  • Ensure that policy is well integrated into the entire security program.

Qualifications

  • Degree in Computer Science or related discipline from an accredited college or university required.
  • Possess 3+ years of experience conducting security control assessment of all NIST 800-53 controls.
  • Technical understanding (understanding network diagrams, vulnerability and compliance scans).
  • Excellent communication skills (written and oral).
  • Experience creating and maintaining various security documents such as the Security Assessment Plan.
  • Thorough knowledge of NIST 800-53 security controls and required documentation.
  • Conduct security control assessments based on a Risk Management Framework approach.
