Senior Security Controls Assessor

Washington, DC
ClearFocus Technologies, a HUBZone certified company, is located in Leesburg, VA. We specialize in cybersecurity and support multiple government and commercial clients for a variety of missions. We value our clients, integrity and employees and believe a single person can make a difference!  

We are committed to attracting and retaining the best and brightest talent who desire to work with industry leading technology to stay on top of their profession. We provide an excellent benefit package which includes medical, dental, vision, paid time off, 401(k), paid professional development reimbursement and more! 

We are currently looking for a Senior Security Controls Assessor located in DC (position could be remote at times).

Roles & Responsibilities
The ability to conduct an Independent Assessment that provides a third-party verification of the current cybersecurity hygiene of the information systems within the purview of our customer. This assessment aims to identify the maturity levels of current Assessment & Authorization capabilities, practices, and processes with the intent of enhancing those, where feasible, to support Continuous Monitoring activities and follow-on Ongoing Authorization activities in support of Assessment & Authorization (A&A) practices. 
 
Qualifications/Knowledge/Skills/Experience
  • Experience with the NIST Risk Management Framework, particularly in the areas of assessing security controls, conducting Continuous Monitoring activities, and performing Ongoing Authorization practices.
  • Experience with Information System Continuous Monitoring methodology and practices as described in NIST SP 800-137.
  • Experience conducting Security Control Assessments.
  • Experience with ad hoc testing and the formalized Examine, Inspect, Interview assessment methodology.
  • Familiarity with traceability chains and with evaluating maturity levels or varying levels of compliance using decision-tree-style testing as described in NIST SP 800-137A.
  • Experience analyzing information system device configurations (firewall configurations, database configurations).
  • Experience drafting Security Assessment Reports (SAR) or Independent Assessment Reports (IAR).
  • Experience developing outbrief presentations.
  • Experience drafting Plan of Action and Milestones (POA&M) assignments.
  • Experience providing mitigation recommendations on a variety of technical platforms to achieve compliance.
  • Familiarity with Current Security Profiles and Target Security Profiles as described in the NIST Cybersecurity Framework.
  • Experience drafting strategic programmatic policy documentation such as an Information System Continuous Monitoring Plan, an Information System Continuous Monitoring Implementation Plan, and a Strategic Roadmap (or similar methodology) for implementing those plans.
    Essential Policy Knowledge and Expertise:
    • NIST SP 800-53A: Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans
    • NIST Cybersecurity Framework v1.1
    • NIST SP 800-137: Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
    • NIST SP 800-137A: Assessing Information Security Continuous Monitoring (ISCM) Programs: Developing an ISCM Program Assessment
  • Excellent written and verbal communication skills.
  • Experience interacting with and presenting complex information security concepts to System Owners, Key Decision Makers, and Senior Leadership.
  • Candidate must be an independent self-starter, requiring little oversight to complete this task.
  • Must possess good time management skills, as there are very strict budgets associated with the different aspects of this project.
  • Must currently hold, or be able to obtain, a Public Trust position.
Preferred Skills
  • Bachelor's degree in a related field.
  • Information security or risk management certification such as CISSP, CISA, CISM, CRISC, etc.