
Description
A Security Control Assessor (SCA) evaluates the effectiveness of security measures implemented in information systems to protect sensitive data and ensure compliance with regulations. The SCA conducts a comprehensive assessment of implemented controls and control enhancements to determine the effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements). They conduct assessments, analyze results, and recommend corrective actions to address vulnerabilities, ultimately contributing to the overall security posture of an organization.
Conduct Security Assessments: Perform in-depth assessments of management, operational, and technical security controls within information systems. This includes reviewing system documentation, conducting interviews, and performing hands-on testing to evaluate the effectiveness of security measures. Implemented system-specific controls and the system-implemented parts of hybrid controls are assessed.
Identify Vulnerabilities: Analyze the results of their assessments to identify weaknesses and deficiencies in security controls. They assess the severity of these vulnerabilities and their potential impact on the system and organization.
Recommend Corrective Actions: Based on their findings, develop recommendations for corrective actions to address identified vulnerabilities and improve the overall security posture of the system.
Prepare Reports: When a control assessment is conducted in support of an authorization decision or ongoing authorization, SCAs document their findings and recommendations in formal security assessment reports. These reports must be based on an impartial and unbiased assessment process, which determines the credibility of the assessment results and ensures that the authorizing official receives objective information to make an informed, risk-based authorization decision. These reports are used to inform decision-making and guide remediation efforts.
Contribute to Risk Management: Play a crucial role in the risk management process by identifying and assessing potential risks associated with vulnerabilities and contributing to the development of mitigation strategies.
Ensure Compliance: Ensure that systems comply with relevant security policies, standards, and regulations (e.g., NIST, CNSS).
Maintain Knowledge: Stay up to date on the latest security threats, vulnerabilities, and best practices to effectively perform their duties. Complete training and maintain certifications. Personnel performing any information assurance Workforce System
Qualifications
TYPICAL EDUCATION AND EXPERIENCE: Bachelor's degree and five (5) or more years of experience; Master's degree and three (3) or more years of experience; PhD and 0 years of related experience
• U.S. Citizenship and an active TS/SCI clearance
• Risk Management: Ability to assess and manage risks associated with security vulnerabilities.
• Assessment and Authorization (A&A) Processes: Experience with the Risk Management Framework (RMF) and related processes, including System Security Plans (SSPs), Security Assessment Plans (SAPs), and Security Assessment Reports (SARs).
• Security Controls: In-depth knowledge of security controls and their implementation.
• Analytical Skills: Ability to analyze complex information, identify patterns, and draw logical conclusions.
• Problem-Solving Skills: Ability to identify and resolve security vulnerabilities and develop effective solutions.
• Experience with Security Tools: Familiarity with security tools such as Nmap, ACAS, and STIGViewer.
Target salary range: $120,001 - $160,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.