Cybersecurity Assessor- Department of Education

About The Position

Requirements

• 5+ years of experience in cybersecurity assessments, GRC, or compliance roles.
• Expertise in GRC methodologies, security control auditing, and third-party risk assessments.
• Proven ability to interpret federal compliance mandates (NIST SP 800-53, 800-37) and evaluate technical and administrative controls.
• Strong competency in conducting Security Impact Analyses and managing POA&M documentation.
• Experience with GRC platforms and third-party risk tools required.
• CISA, CRISC, CGEIT, CISSP
• CompTIA Security+, CCSK
• CAP / ISC2 CGRC
• Acceptable background check including criminal history background check and credit Check.

Responsibilities

• Conduct security and compliance assessments across internal systems and third-party vendors, supporting adherence to organizational and regulatory requirements.
• Evaluate the security practices of external service providers and manage vendor-related risks throughout the assessment lifecycle (TPRM).
• Perform daily RMF lifecycle control assessments, including evidence collection, walkthroughs, and testing of technical and administrative controls.
• Analyze assessment results, document findings, and support remediation efforts by tracking issues and helping teams prioritize corrective actions.
• Maintain and manage POA&M documentation, ensuring risk remains within tolerance and findings are remediated within defined SLAs.
• Work with business and technical stakeholders to clarify compliance requirements and support the resolution of identified risks.
• Use industry-standard GRC platforms and third-party risk tools to centralize documentation and streamline assessment workflows.
• Convert complex assessment findings into actionable insights using Power BI and Excel, maintaining dashboards that communicate enterprise security posture.
• Conduct Security Impact Analyses for new and existing system interconnections.