New Jersey Transit

4554 Security Control Assessor

New Jersey Transit$100K — $130K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Cybersecurity, Computer Science, or related field.
  • 10 years of cybersecurity experience or equivalent education/training.
  • Strong independent work ethic and emotional intelligence.
  • Exceptional oral and written communication skills.
  • IAT Level III Certification and relevant cybersecurity certifications (e.g., CISSP, CISA).

Responsibilities

  • Lead evaluations of cybersecurity controls and risk management efforts.
  • Develop comprehensive assessment plans based on established security standards.
  • Conduct technical testing of security controls to identify vulnerabilities.
  • Perform vulnerability scans and provide remediation recommendations.
  • Execute penetration testing across multiple domains to assess security weaknesses.
  • Review security configurations to ensure compliance with best practices.
  • Prepare detailed assessment reports for technical and non-technical stakeholders.

Benefits

  • Continuous improvement initiatives aimed at enhancing assessment processes.
  • Opportunities for knowledge sharing and mentorship within the team.
  • Engagement in advanced cybersecurity practices and methodologies.
Full Job Description
4554 Security Control Assessor
3779 | Top Secret

Job Description:

GENERAL DUTIES:

This role is responsible for leading Risk Management Framework and other Cyber Security controls evaluations as required for ensuring the effectiveness of security controls within an organization. Serve as the lead SCA and assist the RMF lead in managing the distribution of RMF projects and reporting status on completion efforts of each SCA team member.

Their technical functions encompass a range of tasks aimed at assessing, testing, and validating security measures to identify vulnerabilities and enhance overall security posture. Here are the technical functions typically associated with this role:

  • Security Controls Assessment Planning: Develops comprehensive assessment plans based on established security standards, frameworks (e.g., NIST SP 800-53, ISO 27001), and regulatory requirements. Define assessment scope, objectives, methodologies, and timelines.
  • Security Controls Testing: Conduct rigorous technical testing of security controls across various domains such as access control, cryptography, network security, and incident response. Use automated tools, manual techniques, and specialized testing methodologies to identify weaknesses and vulnerabilities.
  • Vulnerability Scanning and Analysis: Perform vulnerability scans using automated scanning tools to identify potential security flaws in systems, networks, and applications. Analyze scan results, prioritize vulnerabilities based on risk, and provide recommendations for remediation.
  • Penetration Testing: Conduct simulated cyberattacks to identify exploitable security weaknesses and assess the resilience of defensive measures. Perform network penetration testing, web application testing, wireless network testing, and social engineering assessments.
  • Security Configuration Review: Review and analyze security configurations for systems, devices, and applications to ensure compliance with security policies, standards, and best practices. Identify misconfigurations, weaknesses, and deviations from security baselines.
  • Security Control Validation: Validate the effectiveness of implemented security controls through rigorous testing and validation procedures. Verify that controls are functioning as intended and providing adequate protection against security threats and vulnerabilities.
  • Security Documentation Review: Review security documentation, including policies, procedures, guidelines, and technical documentation, to assess alignment with security requirements and industry standards. Ensure documentation accurately reflects implemented security controls and practices.
  • Compliance Assessment: Assess compliance with regulatory requirements, contractual obligations, and industry standards related to information security. Evaluate adherence to standards such as GDPR, HIPAA, PCI DSS, and SOX through detailed compliance assessments.
  • Risk Assessment and Mitigation: Conduct risk assessments to identify and prioritize security risks based on their likelihood and impact. Collaborate with stakeholders to develop risk mitigation strategies and action plans to address identified vulnerabilities.
  • Security Reporting and Communication: Prepare comprehensive assessment reports detailing findings, observations, recommendations, and remediation actions. Communicate assessment results to technical and non-technical stakeholders, including senior management, IT teams, and auditors.
  • Continuous Improvement Initiatives: Participate in continuous improvement initiatives aimed at enhancing the effectiveness and efficiency of security assessment processes. Identify opportunities for automation, optimization, and enhancement of assessment methodologies and tools.
  • Knowledge Sharing and Training: Share knowledge and expertise with team members through training sessions, workshops, and mentoring activities. Stay updated on emerging threats, vulnerabilities, and trends in cybersecurity to continuously improve assessment practices.


REQUIRED QUALIFICATIONS:

  • Bachelor's degree from an accredited institute in an area applicable to the position in Cybersecurity, Computer Science, Software Engineering, Systems Engineering, Information Systems, or a related technical discipline.
  • 10 years of cyber-security related experience or the equivalent combination of processional support, education, or professional training.
  • Skills: Strong Independent work ethic and Emotional Intelligence, exceptional oral and written communication skills, and the ability to work unsupervised and lead teams. Focuses on the consistent execution and updating of organizational processes and procedures to drive RMF efforts, CONMON, and POA&M efficiencies.
  • Maintain IAT Level III Certification in DoD 8570.01-M Cybersecurity workforce, compliance with DoD Directive 8140 Cyberspace Workforce Management, and IAT Level III.
  • Certification in DoD 8570.01-M Cybersecurity workforce, compliance with DoD Directive 8140 Cyberspace Workforce Management, and IAT Level III (CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH, CCSP).


DESIRED QUALIFICATIONS:

  • Experience working with the most senior members of the client organization to ensure that overall program and project direction, strategy and expectations are met.
  • Possesses an understanding of DIA's CIO mission and the impact of managerial practices. - Have a firm understanding of IC and DOD Risk Management Framework (Step 1 through 7), continuous monitoring, risk scoring, and risk management experience.
  • SME in one or more of the following specialties: cloud and systems architectures, Zero Trust security architecture, cloud applications and storage, high performance computing, and software development.


CLEARANCE:

  • Top Secret Security Clearance with SCI eligibility


Job Details

City : Reston

State : VA

About New Jersey Transit

New Jersey Transit Corporation, branded as NJ Transit, is a state-owned public transportation system that serves the US state of New Jersey, along with portions of New York State and Pennsylvania. It operates bus, light rail, and commuter rail services throughout the state, connecting to major commercial and employment centers both within the state and in the adjacent major cities of New York and Philadelphia. NJ Transit also provides bus service to the Port Authority Bus Terminal in Manhattan. NJ Transit is headquartered in Newark, New Jersey.
Learn more about New Jersey Transit
Size
11,900 employees
Industry
Net Income
-$100 million
Founded
1979
5 Year Trend
-2%
Revenue
$2.4 billion
NASDAQ

Similar Jobs

More Jobs at New Jersey Transit

More Information Technology Jobs

Find similar 4554 Security Control Assessor jobs: