Senior Security Control Assessor

Rosslyn, VA
Life moves faster than ever. Change is continuous, accelerated by technology and embraced by society.
 
How organizations respond to change determines success or failure. With drivers of change including technological disruption, a dynamic workforce, and shifting political priorities, the need for organizations to be agile and adapt to change has never been greater. To harness continuous change, organizations are turning to modernization. CVP is a management consulting company that helps organizations navigate change and prepare for a culture of continuous change with innovative strategies and solutions.
 
Change Happens. Continuously. Are you and your organization ready?
 
We’re CVP, Navigating Change.

CVP is seeking a Senior Security Control Assessor to support the Department of State, Diplomatic Security, Office of the Chief Technology Officer, Enterprise Product Services Division, Compliance Governance Branch IT Security Compliance Services program. This position will conduct a comprehensive assessment of the management, operational, technical and privacy security controls employed within or inherited by an information system to determine the overall effectiveness of the controls and the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.

The professional in this role will provide an assessment of the severity of weaknesses or deficiencies discovered in the information system and its environment of operation and recommend corrective actions to address identified vulnerabilities. 

Major Areas of Responsibility
 
  • Perform security assessment of information systems leveraging established testing and evaluation techniques and tools.
  • Complete risk assessments, evaluate security documentation, and provide written recommendations for authorization.
  • Evaluate IT threats and vulnerabilities to determine whether additional safeguards are needed.
  • Advise the government concerning the impact levels for Confidentiality, Integrity, and Availability for the information on a system.
  • Develop, review, endorse, and recommend action for both the Risk Executive and Authorizing Official.
  • Conduct tests that include verification that the features and assurances required for each protection level are functional.
  • Evaluate threats and vulnerabilities to ascertain whether additional safeguards are needed.
  • Assess changes in the system, its environment, and operational needs that could affect the accreditation.
  • Conduct periodic testing of the security posture of the information system.
  • Provide expert research and analysis in support of expanding programs and area of responsibility.
  • Assess information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands.
  • Support customers at the highest levels in the assessment and implementation remediation of doctrine and policies.
  • Apply know-how to government and commercial common user systems, as well as to dedicated special purpose systems requiring specialized security features and procedures.
  • Perform analysis of security features for system architectures.
  • Perform management and coordination tasks.

Requirements
 
  • Must have an active Top Secret government security clearance.
  • Security+ certification.
  • Bachelor's Degree in related discipline. CISSP or CISA accepted in lieu of required education. 
  • Seven (7) years of experience in Security Authorization / Security Control Assessment.
  • At least seven (7) years of security assessment experience.
  • Already possess or must be able to obtain Certified Audit Professional (CAP) and/or Certified Information Systems Auditor (CISA) within six (6) months.
  • Knowledge of NIST, FISMA, and Cloud environments.

Desired Skills
 
  • Knowledge of DOS Information Security and Privacy guidelines.
  • Experience with Security Assessment Tools (Nessus, DBProtect, Wireshark, etc.).
  • Understanding of various Cloud environments.
  • CISSP or CISA certification.

CVP is a VEVRAA Federal Contractor and an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status, or disability. Customer Value Partners seeks to provide employment opportunities for protected veterans and individuals with disabilities.