Position Description: The
Security Control Assessor (SCA) will be responsible for evaluating and assessing the security controls of Defense Security Cooperation Agency's (DSCA) information systems. This role involves conducting comprehensive assessments to ensure compliance with federal cybersecurity standards and providing recommendations to improve the agency's security posture.
Clearance: Active Secret Clearance
Work Location: Washington DC
Responsibilities and/or Success Factors: - Conduct thorough assessments of security controls on DSCA's information systems and networks to ensure compliance with federal regulations, including NIST, FISMA, and DoD directives.
- Develop and maintain assessment documentation, including Security Assessment Plans (SAPs), Security Assessment Reports (SARs), and Plan of Action and Milestones (POA&Ms).
- Perform risk assessments to identify potential security threats and vulnerabilities.
- Provide detailed recommendations to mitigate identified risks and enhance the security posture of DSCA's information systems.
- Collaborate with system owners, IT staff, and cybersecurity teams to ensure effective implementation of security controls.
- Conduct continuous monitoring activities to ensure ongoing compliance with security policies and procedures.
- Provide guidance on the security assessment and authorization (A&A) process, including developing and maintaining System Security Plans (SSPs).
- Assist in the development and delivery of cybersecurity training and awareness programs for DSCA personnel.
- Stay current with the latest cybersecurity threats, trends, and technologies to continuously improve assessment methodologies and practices.
- Participate in security audits and reviews to ensure adherence to established security standards and best practices.
Minimum Qualifications Including Certificates: - Must be a US Citizen.
- Must have a Secret Clearance
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (Master's degree preferred).
- Minimum of 5 years of experience in information security, with a focus on security control assessment and risk management.
- Certifications such as CISSP, CISM, CISA, CAP, or equivalent are highly desirable.
- In-depth knowledge of federal cybersecurity regulations and standards, including NIST SP 800 series and FISMA.
- Proven experience in conducting security control assessments and developing security assessment documentation.
- Excellent analytical, problem-solving, and decision-making skills.
- Strong communication and interpersonal skills, with the ability to effectively communicate complex cybersecurity concepts to technical and non-technical stakeholders.
- Ability to work independently and collaboratively in a fast-paced environment.
Desired Qualifications: - eMASS, cloud, STIGS experience
