Cyber Security Control Assessor

CACI, National Harbor, MD
Onsite

About The Position

CACI is searching for a Cyber Security Control Assessor to support the FEMA Office of the Chief Information Security Officer (OCISO) in Washington, D.C. As a Cyber Security Control Assessor, you will play a crucial role in ensuring the security and compliance of FEMA's information systems through comprehensive independent assessment of security controls. You will work in a dynamic environment, collaborating with system owners, ISSOs, stakeholders, and cybersecurity professionals to evaluate the effectiveness of security control implementation. Your efforts will directly contribute to safeguarding FEMA's mission-critical systems and data. The Cyber Security Control Assessor will serve as a senior independent assessor for control design, implementation, and effectiveness across assigned systems and authorization boundaries. This position requires evaluating the effectiveness of IT security controls including management, operational, and technical controls and determining if controls meet compliance requirements under NIST SP 800-53 and DoD RMF. The Cyber Security Control Assessor will perform assessment procedures including interviews, examinations, and testing and verify control implementation and effectiveness. This role is critical for analyzing System Security Plans (SSPs), policies, procedures, and evidence artifacts to identify security gaps and evaluate residual risk.

Requirements

  • U.S. Citizenship required
  • BS/BA + 7 years of applicable experience in RMF, control assessment, audit, cybersecurity compliance, or security engineering
  • 5+ years of experience in RMF, control assessment, audit, cybersecurity compliance, or security engineering
  • Demonstrated expertise in NIST SP 800-53, NIST SP 800-37 (RMF), and D

Nice To Haves

  • FEMA EOD suitability or Current DHS or FEMA EOD preferred

Responsibilities

  • Evaluate the effectiveness of IT security controls including management, operational, and technical controls and determine if controls meet compliance requirements under NIST SP 800-53 and DoD RMF.
  • Perform assessment procedures including interviews, examinations, and testing to verify control implementation and effectiveness.
  • Analyze System Security Plans (SSPs), policies, procedures, and evidence artifacts while reviewing security documentation for completeness and accuracy.
  • Identify security gaps, evaluate residual risk, and generate findings for security assessment reports.
  • Perform security reviews and identify security gaps in security architecture while providing recommendations for inclusion in risk mitigation strategy.
  • Evaluate technical, operational, and management controls and conduct independent assessments across assigned systems and authorization boundaries.
  • Review and maintain security architecture documentation in the system of record, and provide critical written and verbal analyses of previously generated security architecture documentation and vulnerability and risk assessments.
  • Support authorization to operate IT systems at acceptable levels of risk, monitoring and testing of IT systems for vulnerabilities and indicia of compromise, and support incident response and remediation activities.
  • Provide information assurance for digital information, ensuring its confidentiality, integrity, and availability, supporting the development of appropriate policy and relevant user security awareness and training, and ensuring compliance with applicable government and other external standards.
  • Conduct Security Assessment Reports (SAR) and document assessment findings while supporting continuous monitoring activities and ongoing authorization efforts.

Benefits

  • healthcare
  • wellness
  • financial
  • retirement
  • family support
  • continuing education
  • time off benefits
  • flexible time off benefit
  • robust learning resources