Security Controls Assessor
Employment Information
Report this job
Job expired or something wrong with this job?
Job Description
Senior Security Controls Assessor evaluating MARAD information systems for compliance with cybersecurity standards. Supporting ATO decisions and developing assessment documentation in the United States.
Responsibilities:
- Provide independent assessments of MARAD information systems in support of system authorization, reauthorization, and continuous monitoring activities.
- Evaluate management, operational, and technical security controls in accordance with NIST Risk Management Framework (RMF) requirements.
- Support Authority to Operate (ATO) decisions.
- Develop assessment documentation and reports.
- Collaborate with MARAD, DOT, and cybersecurity stakeholders to ensure compliance, risk visibility, and mission assurance.
- Assess MARAD systems in one of three states: System Authorization: Initial Authorization, Reauthorization, or Continuous Monitoring Assessment (CMA).
- Provide annual assessment support to the NSMV and MARAD CIO programs.
- Conduct independent assessments of specified MARAD information systems following the System Authorization process.
- Execute and conduct analysis of network and systems to validate appropriate security control implementation.
- Develop security assessment plans and assessment reports compliant with latest revisions of NIST Special Publication 800-53A Recommended Security Controls.
- Develop security assessment executive summary documents including summative presentation further providing an overview of activities, findings, risks and mitigation recommendations.
Requirements:
- Bachelor's Degree in Cybersecurity or related IT field may be substituted for 4 years of experience
- Bachelors Degree in an IT Related Field.
- Certified Information Systems Auditor (CISA), Advanced in AI Audit (AAIA), or equivalent certification
- 12 years of related work experience
- Prior experience supporting US Navy or Coast Guard Maritime Cyber Assessments
- Clearance: Must possess or be able to obtain a public Trust.
- Prior Department of Transportation experience is a plus.
- Must pass pre-employment qualifications of Cherokee Federal
Benefits:
- Medical
- Dental
- Vision
- 401K
- Other possible benefits as provided. Benefits are subject to change with or without notice.
Similar Jobs
IT & Security Engineer
IT & Security Engineer responsible for architecture, hands-on delivery, and technical leadership at GovWorx. Focused on security operations, identity management, and compliance in a remote setting.
Head of Infrastructure – Security
Head of Infrastructure & Security at Albert, focusing on enterprise-grade infrastructure and security. Establishing a cloud architecture strategy while managing a global SRE organization.
AI Security Consultant
AI Security Consultant identifying and mitigating risks in AI models and data pipelines at IOActive. Collaborating with technical teams to secure AI systems and deliver best practices.
Ethical Hacker – Hardware
Ethical Hacker - Hardware conducting security assessments of embedded and IoT devices at cybersecurity firm Packetlabs. Engaging with clients to improve security through hands-on penetration testing and reporting.
Cybersecurity Executive
Cybersecurity Executive driving growth, operational excellence, and product innovation at Partner One. Leading cybersecurity organization serving enterprise and government customers worldwide.
Security Engineer, TS/SCI Required
Security Engineer responsible for integrating Accrete AI products into client environments with rigorous security protocols and processes. Collaborating closely with cloud security management and addressing unique client security needs.
Director, Cybersecurity Engineering
Director of Cybersecurity Engineering leading enterprise cybersecurity design and strategy at Convera. Operating in a highly regulated financial environment with a focus on advanced security practices.
Director, Security Delivery – Physical Security
Director overseeing end-to-end post-sale security delivery operations for Genea. Leading teams for physical security and access control while driving growth and customer success.
Information System Security Officer – Cloud Data Platform
Information System Security Officer responsible for cybersecurity and compliance in Microsoft Azure cloud platform for federal client. Leading security activities and ensuring compliance with federal frameworks.
Security Compliance Policy and Guide Writer
Seeking Security Compliance Policy and Guide Writer to document cybersecurity controls for government client. A role ensuring compliance with federal security requirements and producing operational documentation.
Information Systems Security Officer – Part-time
Information Systems Security Officer managing IT security and protecting sensitive information for federal clients. Leading risk management and compliance efforts while collaborating with various stakeholders.
Security & Compliance Engineer
Security & Compliance Engineer for ARGO-HYTOS Group. Ensuring information security and compliance in a global IT environment.
Virtual Chief Information Security Officer – vCISO
Virtual Chief Information Security Officer leading information security and compliance initiatives at a healthcare platform. Ensuring secure technology systems and serving as a strategic advisor to leadership.
Senior Security Engineer
Senior Security Engineer focused on securing infrastructure through technology deployment and incident response for a digital asset protection at ARC-One Solutions.
Azure Solutions, Security Architect
Azure Solutions Architect leading security-focused Azure cloud solutions at Ascend Technologies. Designing scalable architectures, ensuring compliance, and mentoring teams in Agile environments.
Presales Security Expert – National Partners
Presales Security Expert supporting and enabling Fortinet's Canadian partners with solutions and technical improvements. Involving multi-team collaboration and direct partner engagement for effective results.
Senior Information Security Engineer
Senior Information Security Engineer responsible for implementing security solutions for enterprise environments. Collaborating with teams to enhance security architecture and manage stakeholder relationships.
Intern, Blue Team
Internship position in Cyber Security at It4us focusing on Blue Team operations and security analysis. Supporting various tasks involving Linux, development, and threat monitoring.
Security Engineer – Client Consulting
Threat Protection Security Engineer at Cyclotron deploying Microsoft Defender and Sentinel for enterprise organizations. Collaborating with security engineers to improve protection of Microsoft-based assets in cloud and on-premises environments.
Security Controls Assessor – OSCAL, Part Time
Security Controls Assessor conducting security compliance assessments and reports for U.S. Government and Commercial clients. Required experience with OSCAL and NIST guidelines.