Senior IT Security Control Assessor

Guidehouse•Tysons Corner, VA

16h

About The Position

Lead teams conducting FISMA security control assessments in accordance with NIST SP 800-53 and NIST SP 800-53A Support system authorization efforts across the RMF lifecycle Perform control testing, interviews, and evidence reviews for management, operational, and technical controls Document assessment results, findings, and risk determinations in SARs and related ATO artifacts Identify control gaps, weaknesses, and POA&M items with clear, actionable remediation guidance Coordinate with system owners, ISSOs, engineers, and program stakeholders during assessments Support continuous monitoring activities, including ongoing control assessments and ad hoc reviews Ensure assessments align with agency-specific cybersecurity compliance and information security policies Oversee team deliverable reviews, offering real-time feedback and coaching to improve quality and performance.

Requirements

Bachelor’s degree in computer science, Information Technology, Cybersecurity, or related field
Minimum of FIVE (5) years of experience in cybersecurity
Must be able to OBTAIN and MAINTAIN a Federal or DoD "SECRET" security clearance ; candidates must obtain approved adjudication of clearance prior to onboarding with Guidehouse. Candidates with an ACTIVE "SECRET" or higher-level clearance are preferred.
Demonstrated experience performing FISMA or RMF-based security control assessments
Strong working knowledge of FISMA, NIST SP 800-53, NIST SP 800-53A, NIST SP 800-37
Experience assessing cloud-based systems, including inherited controls
Ability to clearly document technical and non-technical findings for audit-ready reporting
Understanding of federal cybersecurity compliance requirements and governance processes
Relevant certifications preferred (e.g., CISSP, CISA, CAP, GSLC)
Team leadership experience

Nice To Haves

Master’s Degree in in computer science, Information Technology, Cybersecurity, or related field
Certified Information Systems Security Professional (CISSP)
Knowledge of cloud security (FedRAMP)
Experience with security tools (ACAS/Nessus, Splunk, etc.)
Project management experience

Responsibilities

Lead teams conducting FISMA security control assessments in accordance with NIST SP 800-53 and NIST SP 800-53A
Support system authorization efforts across the RMF lifecycle
Perform control testing, interviews, and evidence reviews for management, operational, and technical controls
Document assessment results, findings, and risk determinations in SARs and related ATO artifacts
Identify control gaps, weaknesses, and POA&M items with clear, actionable remediation guidance
Coordinate with system owners, ISSOs, engineers, and program stakeholders during assessments
Support continuous monitoring activities, including ongoing control assessments and ad hoc reviews
Ensure assessments align with agency-specific cybersecurity compliance and information security policies
Oversee team deliverable reviews, offering real-time feedback and coaching to improve quality and performance.

Benefits

Medical, Rx, Dental & Vision Insurance
Personal and Family Sick Time & Company Paid Holidays
Position may be eligible for a discretionary variable incentive bonus
Parental Leave and Adoption Assistance
401(k) Retirement Plan
Basic Life & Supplemental Life
Health Savings Account, Dental/Vision & Dependent Care Flexible Spending Accounts
Short-Term & Long-Term Disability
Student Loan PayDown
Tuition Reimbursement, Personal Development & Learning Opportunities
Skills Development & Certifications
Employee Referral Program
Corporate Sponsored Events & Community Outreach
Emergency Back-Up Childcare Program
Mobility Stipend