Arlington, VA, 22212, USA
41 days ago
Senior Security Control Assessor (SCA)
Arlington, VA · Information Technology

Are you ready to enhance your skills and build your career in a rapidly evolving business climate? Are you seeking a career where professional development is embedded in your employer’s core culture? If so, Chenega Military, Intelligence & Operations Support (MIOS) could be the place for you! Join our team of professionals who support large-scale government operations by leveraging cutting-edge technology and take your career to the next level!

SecuriGence is a wholly owned subsidiary of Chenega Corporation, an Alaska Native Corporation based in Anchorage, AK. Belonging to the Military, Intelligence, and Operations Support (MIOS) Strategic Business Unit (SBU), Chronos has a culture rooted in integrity, respect, and exceptional performance. SecuriGence, headquartered in Leesburg, VA, provides mission-critical services in Cybersecurity, Systems Engineering and Integration, IT Operations Support, Software Development, and Program Management.

Job Title: Senior Security Control Assessor (SCA)
Location: Arlington, Virginia
Clearance Level: Top Secret Clearance

Summary

We deliver essential technology services to our customers in support of their missions to sustain the national security and economic interest of our nation. SecuriGence is seeking a talented Senior Security Control Assessor to help contribute to our success. Come help us solve problems with Innovation Through Intelligence.

Duties:

+ Advise the Information System Owner (ISO) concerning the impact levels for Confidentiality, Integrity, and Availability for the information on systems.
+ Ensure security assessments are completed for each IS.
+ Initiate a POA&M with identified weaknesses and suspense dates for each IS based on findings and recommendations from the SAR.
+ Evaluate security assessment documentation and provide written recommendations for security authorization to the CISO and AO.
+ Assess proposed changes to Information Systems, their environment of operation, and mission needs that could affect system authorization.
+ Serve as a cybersecurity technical advisor to the CISO and AO under their purview.
+ Be integral to the development of the monitoring strategy. The system-level continuous monitoring strategy must conform to all applicable published DoD enterprise-level or DoD Component-level continuous monitoring strategies.
+ Determine and document in the SAR a risk level for every noncompliant security control in the system baseline.
+ Determine and document in the SAR an aggregate level of risk to the system and identify the key drivers for the assessment. The SCA's risk assessment considers threats, vulnerabilities, and potential impacts as well as existing and planned risk mitigation.
+ Develop the continuous monitoring plan specific to the information system.

Required Skills and Experience:

+ Strong knowledge of Risk Management Framework (RMF) 800-37 and continuous monitoring 800-137
+ Expert knowledge and hands-on experience with FISMA Systems, NIST 800-series guidelines, FIPS, Security Assessment & Authorization (SA&A) requirements and processes, Continuous Monitoring Framework experience and its tools, Plan of Action & Milestones (POA&M) policies, and vulnerability/patch management, risk management, project management, proficient with Microsoft products - Word, Excel, PowerPoint.
+ Proficient with vulnerability and scanning tools and well-versed in interpreting risk posture resulting from assessment reports.
+ Experience in project management and tracking, and the Microsoft suite of office products
+ Experience assessing cloud-based security authorizations (FedRAMP, AWS & Azure) as well as the NIST control responsibilities
+ Experience with SAP/JSIG
+ Expert with documenting and/or reviewing security materials such as system security plans (SSP), Security Assessment Report (SAR), and Security Assessment Plan (SAP), and other documents per NIST 800 guidelines.
+ Experience supporting cloud-based security authorizations (FedRAMP, AWS, & Azure)
+ Experience creating Security Assessment Plans, Security Assessment Reports, and Executive-level briefings

Qualifications:

+ Bachelor's degree or higher. Can be substituted for Associate's degree with 2+ years of relevant experience or 4 years relevant experience.
+ 5 years relevant experience.
+ DOD 8140 IAM Level II (CAP, CASP, CISM, CISSP, GSLC, CCISO)
+ Top-Secret Clearance with SCI eligibility is required.
+ Performing work onsite is required.

Click on the blue button on the upper right-hand corner to join our Talent Network. Please contact me directly for immediate assistance.

Matthew J. Keller
Vice President of Talent Acquisition
Chenega Military, Intelligence, and Operations Support (MIOS) Strategic Business Unit
matthew.keller@chenega.com

Our EEO Policy

The Chenega Corporation is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability. The Corporation's Affirmative Action Plans are available for review by employees and job seekers by contacting the EEO/AA Officer to schedule an appointment during business hours. Equal Opportunity Employer/Veterans/Disabled. Native Preference under PL 93-638. Drug-free workplace. We participate in the E-Verify Employment Verification Program.
Read Chenega Corporation's Equal Opportunity Statement (https://www.chenega.com/Media/Default/Docs/Chenega%20Equal%20Employment%20Opportunity%20Statement.pdf).

EEO is the law: http://www1.eeoc.gov/employers/upload/eeoc_self_print_poster.pdf

Pay Transparency Nondiscrimination Provision

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c) (https://www.dol.gov/ofccp/regs/compliance/posters/ofccpost.htm)

Persons with Disabilities

If you are a person with a disability requiring special accommodations or assistance to apply for a job please contact recruiting@chenega.com or call (907) 771-5011.