
Security Control Assessor
Posted 1 day ago

This is a fully remote position, open to applicants in the United States.
• Implements, maintains, and evaluates security controls that support enterprise and government systems in accordance with approved baselines, organizational needs, and federal cybersecurity standards.
• Assists in system authorization tasks, which includes the creation, upkeep, and provision of System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), and other security documentation necessary for Authorization to Operate (ATO) approval.
• Monitors the security posture of systems, identifies risks, vulnerabilities, and compliance deficiencies, and coordinates remediation efforts with system owners, technical teams, cybersecurity operations, and governance stakeholders.
• Facilitates ongoing monitoring, vulnerability management, configuration management, change management, audit preparation, and security reporting initiatives.
• Evaluates the security implications of system modifications and ensures readiness for security assessments, audits, and reviews by Authorizing Officials.
• Acts as a cybersecurity liaison among system teams, cybersecurity operations, and governance bodies to promote secure system functions, compliance, and the submission of System Security Plans to the Y-12 Field Office for Approval to Operate.
• A minimum of five (5+) to ten (10+) years of experience in cybersecurity, information systems security, security control assessment, ISSO support, system authorization, or similar programs and contracts with comparable scope, type, and complexity is mandatory.
• Strong comprehension of NIST SP 800-37 and NIST SP 800-53.
• Proven experience in implementing, maintaining, and assessing security controls that align with approved security baselines and organizational requirements.
• Demonstrated experience in supporting system authorization processes, including the preparation and upkeep of System Security Plans (SSPs), POA&Ms, and other documentation related to ATO.
• Experience in monitoring system security posture and identifying risks, vulnerabilities, compliance gaps, and necessary remediation actions.
• Skilled in tracking and managing POA&Ms and coordinating remediation activities with system owners, technical stakeholders, and cybersecurity teams.
• Background in supporting continuous monitoring activities, vulnerability management, security reporting, and audit readiness.
• Experience in assessing the security impact of system changes and assisting with configuration and change management processes.
• Familiarity with preparing systems for security assessments, audits, and reviews by Authorizing Officials.
• Capacity to act as a security liaison between system teams, cybersecurity operations, and governance bodies.
• Preferred experience in secure government, Department of Energy (DOE), or federal cybersecurity environments.
• No benefits specified.