Cyber Security Assessment & Authorization Analyst

About The Position

Requirements

• Bachelor's degree in Management Information Systems, Computer Science, or related cybersecurity discipline.
• Minimum 8 years of experience with assessment and accreditation (A&A).
• Minimum 8 years of experience as a security control assessor or validator.
• Minimum 8 years of experience with maintaining IT security policies, processes, and guidance.
• Minimum 3 years of experience with using GRC tool – CSAM
• Ability to obtain a Public Trust Clearance.

Nice To Haves

• Experience with using continuous monitoring tools to assist with the automation of assessment efforts and with A&A of cloud-platforms

Responsibilities

• Support a client as an assessment and authorization (A&A) analyst, including A&A efforts for various agency systems.
• Leads the team on ISSO and Assessors in the day to day tasks.
• Maintain responsibility for supporting federal clients obtaining the authority to operate (ATO) for new and modernized systems.
• Serve as senior team lead providing guidance and working with team members in performance/delivery of all assigned A&A efforts
• Adhere to the NIST Risk Management Framework (RMF) to support the A&A process, including analyzing the development of supporting policies, procedures, and plans, designing and implementing security controls, testing and validating security controls, and analyzing and tracking corrective action plans.
• Ensure all supporting artifacts and results will be documented in the A&A repository
• Performing security controls assessments on security boundaries and producing required security documentation.
• Experience with NIST special publications (SPs) regarding the SA process, including SP 800-53, SP 800-137, and SP 800-37.
• Experience with continuous monitoring and plans of action and milestones (POA&M) management.
• Experience with assessing systems deployed in Cloud Environments.