The Security Control Assessor / Cybersecurity Manager is responsible for performing cybersecurity framework assessments to determine compliance with Government-mandated contractual cybersecurity regulatory certification. This includes: Cybersecurity Maturity Model Certification (CMMC) for Maturity Levels 1, 3, and 5, NIST SP 800-171, NIST SP 800-172, NIST SP 800-53 (RMF), ISO 27001, CIS, the NIST Cybersecurity Framework, and many others.
Requirements
- Knowledge of applicable laws (e.g., Electronic Communications Privacy Act, Foreign Intelligence Surveillance Act, Protect America Act, search and seizure laws, civil liberties, and privacy laws)
- Knowledge of current and emerging cyber technologies
- Evaluates a system's compliance with information technology (IT) security, resilience, and dependability requirements
- Knowledge of computer networking concepts and protocols, and network security methodologies
- Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities
- Assesses the effectiveness of NIST 800-171/CMMC security controls
- Designs/integrates a cyber strategy that outlines the vision, mission, and goals that align with the organization’s strategic plan
- Drafts, staffs, and publishes cyber policy
- Develops methods to monitor and measure risk, compliance, and assurance efforts
- Develops specifications to ensure risk, compliance, and assurance efforts conform with security, resilience, and dependability requirements at the software application, system, and network environment level
- Drafts statements of preliminary or residual security risks for system operation
- Maintains information systems assurance and accreditation materials
- Performs security reviews, identifies gaps in security architecture, and develops a security risk management plan
- Performs risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change
- Plans and conducts security authorization reviews and assurance case development for initial installation of systems and networks
- Verifies that application software/network/system security postures are implemented as stated, documents deviations, and recommends required actions to correct those deviations
- Assesses policy needs and collaborates with stakeholders to develop policies to govern cyber activities
- Monitors the rigorous application of cyber policies, principles, and practices in the delivery of planning and management services
- Provides policy guidance to cyber management, staff, and users
- Reviews, conducts, or participates in audits of cyber programs and projects
- Supports the CIO in the formulation of cyber-related policies
- Interprets and applies applicable laws, statutes, and regulatory documents and integrates them into policy
- Promotes awareness of cyber policy and strategy as appropriate among management and ensures sound principles are reflected in the organization’s mission, vision, and goals
- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk)
- Knowledge of emerging technologies that have potential for exploitation by adversaries
- Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity
- Knowledge of specific operational impacts of cybersecurity lapses
- Ability to leverage best practices and lessons learned of external organizations and academic institutions dealing with cyber issues
- Supervises, develops, and trains associates and senior associates
- Reviews and evaluates work prepared by associates and senior associates
- Trains associates and senior associates on how to use current software tools and Industry Specialty Services methodology
- Schedules and supervises workload of associates and senior associates
- Provides verbal and written performance feedback to associates and senior associates
- Acts as a Career Advisor to associates and senior associates
Benefits
- Paid Time Off
- Health Insurance
- 401k Matching
- Retirement Plan