Senior Cyber Security Consultant
Job Description: Control Assessor – NIST
Responsible for assessing controls, documenting the process, completing the templates, and feeding the results into the SSP and POAM.
• Provide information assurance support to the IS team contracting (or subcontracting) with a federal agency.
• Support activities for Assessment and Authorization (A&A) of identified systems, and Information Security Continuous Monitoring (ISCM), in compliance with NIST SP 800-171 controls within the Risk Management Framework (NIST SP 800-171).
• Develop and maintain assessment process documentation.
• Recommend improvements to existing A&A and ISCM processes.
• Assess system compliance with NIST 800-171 controls for all in-scope application systems undergoing the Risk Management A&A.
• Close open findings in existing systems, once approved by the application owner or manager, after evaluating the necessary evidence.
• Perform continuous monitoring of existing systems and of outstanding actions agreed as per the POAM.
• Adjudicate Plans of Action and Milestones (POA&Ms)
The Control Assessor – NIST role requires the following knowledge base and skills:
• 3-4 years of experience in conducting security control assessments based on NIST SP 800-53/800-171A
• Understanding of the NIST Risk Management Framework, DFARS compliance, and FedRAMP for cloud.
• Understanding of various technologies and operating systems and related controls around them, such as Oracle, MySQL, Windows, etc.
• Familiarity with authorization concepts and risk management practices
• Bachelor's degree, preferably in Computer Science, Information Technology, Computer Engineering, or related IT discipline; or equivalent experience