Control Assessor – NIST
Responsible for assessing the controls, documenting the process, filling in the templates, and feeding into the SSP and POAM.
- Provide information assurance support to IS team contracting (or subcontracting) federal agency
- Support activities for Assessment and Authorization (A&A) of identified systems, and Information Security Continuous Monitoring (ISCM), in compliance with NIST SP 800-171 controls within the Risk Management Framework (NIST SP 800-171).
- Develop and maintain assessment process documentation.
- Recommend improvements of existing A&A and ISCM processes.
- Assess system compliance with NIST 800-171 controls for all in-scope application systems undergoing the Risk Management A&A.
- Close open findings in existing systems once approved by the application owner or manager, after evaluating the necessary evidence.
- Continuously monitor existing systems and outstanding actions agreed as per the POAM.
- Adjudicate Plans of Action and Milestones (POA&Ms)
The Control Assessor – NIST role requires the following knowledge base and skills:
- 3-4 years of experience in conducting security control assessments based on NIST SP 800-53/800-171A
- Understanding of the NIST Risk Management Framework, DFARS compliance, and FedRAMP for cloud.
- Understanding of various technologies and operating systems and related controls around them, such as Oracle, MySQL, Windows, etc.
- Familiarity with authorization concepts and risk management practices
- Bachelor's degree, preferably in Computer Science, Information Technology, Computer Engineering, or related IT discipline; or equivalent experience.