
Security Controls Assessor
Posted 2 days ago

This is a fully remote position, open to applicants in the United States.
• Lead hands-on technical assessments of NIST SP 800-53 security controls, including relevant overlays such as high-value assets, artificial intelligence, critical software, and FedRAMP.
• Act as a technical subject matter expert for FISMA and FedRAMP across SA&A, ASCA, and Event-Driven Security Controls Assessment initiatives.
• Oversee the Discovery, Assessment, Risk Validation, and Finalization phases, which encompass the development of Security Assessment Plans, evidence collection, control assessment meetings, and the finalization of Security Assessment Reports.
• Organize and facilitate stakeholder meetings and findings reviews, providing briefings to stakeholders regarding draft Security Assessment Report findings and risk decisions.
• Regularly maintain and update assessment package templates (Security Assessment Plan, System Security Plan, Security Controls Traceability Matrix, Security Assessment Report, and Action Item List) to ensure consistency and compliance.
• Evaluate the implications of new laws, regulations, policies, and guidance on the client's assessment requirements and suggest process modifications.
• Offer daily technical guidance and mentorship to security analysts.
• Integrate threat modeling and threat hunting into the assessment methodology to proactively identify and address risks.
• Propose automation strategies, including robotic process automation, workflow orchestration, and data transformation, to enhance the efficiency and accuracy of assessments.
• Assist with FedRAMP package reviews for cloud initiatives and respond to data calls and audits from the agency inspector general, GAO, and OMB.
• Facilitate knowledge transfer and skill development for federal staff, enabling them to conduct assessments and act as backups for contractor assessors.
• A minimum of five (5) years of progressively responsible experience in information security, security control assessment, or cyber risk management.
• Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, Engineering, or a related area, or an additional three (3) to five (5) years of pertinent experience in lieu of a degree.
• Proven hands-on experience in assessing NIST SP 800-53 controls and producing A&A artifacts (System Security Plan, Security Assessment Plan, Security Assessment Report, Security Controls Traceability Matrix, and Plan of Action and Milestones).
• Familiarity with FISMA, the NIST Risk Management Framework (NIST SP 800-37), FedRAMP, ISCM, and CDM.
• Demonstrated experience with technology risk assessments, security engineering, and security architecture principles.
• Background in cloud systems, cloud service providers, and FedRAMP requirements.
• Experience with GRC platforms (such as Qmulos Q-Compliance, ServiceNow GRC), SharePoint, scanning tools, and SIEM solutions (e.g., Splunk).
• Understanding of FIPS 199 security categorization and privacy control assessment.
• Excellent written and verbal communication skills along with effective stakeholder engagement abilities.
• Preferred certifications include CISSP, CISM, CISA, or CAP.
• Valiant covers 99% of Medical, Dental, and Vision Insurance for Full-time Employees.
• Valiant contributes 25% towards Health Coverage for Family and Dependents.
• Full-time Employees receive 100% Paid Short Term Disability and Life Insurance Policy.
• 100% of Certification costs are covered.
• 401K Matching up to 4% is available.
• Paid Time Off is offered.
• Paid Federal Holidays are included.
• Wellness & Fitness Program is provided.
• Access to Valiant University – an Online Education and Training Portal.
• FSA programs available for Medical Costs, Dependent Care, Transit, and Parking.
• Referral Bonuses are offered.