Security Control Assessor Team Lead

Steampunk, McLean, VA
$125,000 - $175,000

About The Position

Steampunk wants you to be a Security Control Assessor Information System Security Officer (SCA ISSO) Lead on our team to support a government customer. The primary responsibility of the position is to prepare for all security assessment activities that ensure risk within the system is maintained at an acceptable level. The nature of the work requires that the candidate demonstrates initiative, organization, responsibility, customer service skills, and the ability to be flexible and adaptive in a fast-paced, fluid business environment. The candidate must be able to communicate effectively and decisively with all levels of the organization, solve practical problems, and exercise sound judgment with regard to sensitive and confidential information.

Contributions

As a lead on one of our ISSO teams, you will play an important role in leading a wide array of cybersecurity duties including:

Requirements

  • Master's degree and 6 years of cyber & FISMA experience; OR
  • Bachelor's degree and 8 years of cyber & FISMA experience; OR
  • No degree and 12 years of experience, 10 of which must be cyber & FISMA
  • One of the following certifications:
      • Certified Information Systems Security Professional (CISSP)
      • CompTIA Advanced Security Practitioner (CASP)
      • Certified Information Systems Auditor (CISA)
      • Certified Information Security Manager (CISM)
  • Experience leading security assessment projects or cybersecurity teams, managing workflow and escalated issues.
  • Ability to assign, review, and approve work of assessors, ensuring quality and compliance.
  • Knowledge of and experience with three or more of the following: DHS Directive 4300A and NIST Special Publications 800-30, 800-37, 800-39, 800-53, and 800-60.
  • Good understanding of NIST SP 800-53 controls, FIPS publications 199 and 200, and cybersecurity compliance standards.
  • Expertise in developing assessment methodologies, managing timelines and deliverables, and reviewing documentation.
  • Strong organizational and project management abilities for overseeing large-scale or complex security programs.
  • Strong familiarity with documentation such as Security Assessment Plans (SAPs), System Security Plans (SSPs), and Security Assessment Reports (SARs).
  • Sound understanding of security controls, compliance requirements, risk analysis, and remediation strategies.
  • Ability to coach and mentor team members.

Nice To Haves

  • Demonstrated ability to lead and prepare for security control assessments, RMF implementations, and mentor team members.
  • Strong writing, communication, and presentation skills for leadership briefings, technical documentation, and assessment findings.
  • Strong stakeholder engagement, including direct support to System Owners and federal leadership.
  • Strong attention to detail in reviewing and preparing federal security documentation.
  • Experience managing complex or escalated assessment issues and serving as a technical expert or project lead.
  • Expert ability in the following:
      • Peer-reviewing assessment documentation and articulating discrepancies or concerns in security artifacts.
      • Risk analysis and management: identifying threats, documenting risk levels, and recommending corrective actions.

Responsibilities

  • Lead a team of ISSOs, ensuring consistent, high-quality execution of assessment tasks in accordance with NIST SP 800-53, the NIST RMF (SP 800-37), FedRAMP, and agency-specific guidance.
  • Review Security Assessment Plans (SAPs), test procedures, Security Assessment Reports (SARs), and methodologies for alignment with organizational and regulatory requirements.
  • Oversee the completion of assessment preparedness for new, updated, or reauthorized systems, adjusting scope and resources as necessary.
  • Ensure documentation and deliverables (SSPs, SOPs, FIPS 199 categorizations, system artifacts) meet audit, regulatory, and internal standards.
  • Conduct quality reviews of assessment activities, potential findings, and documentation to preserve impartiality, traceability, and regulatory compliance.
  • Attend interview meetings, identify compliance and non-compliance trends, update internal operating procedures, and provide support to team members.
  • Drive organizational adoption of best practices, lessons learned, and continuous improvement in risk assessment processes.
© 2024 Teal Labs, Inc