Cyber Security Control Assessor

Job Description

Company: CACI

Location: National Harbor, US

Job Title: Cyber Security Control Assessor

Job Category: Engineering

Time Type: Full time

Minimum Clearance Required to Start: None

Employee Type: Regular

Percentage of Travel Required: None

Type of Travel: None

* * *

The Opportunity:
CACI is searching for a Cyber Security Control Assessor to support the FEMA Office of the Chief Information Security Officer (OCISO) in Washington, D.C. As a Cyber Security Control Assessor, you will play a crucial role in ensuring the security and compliance of FEMA’s information systems through comprehensive independent assessment of security controls. You will work in a dynamic environment, collaborating with system owners, ISSOs, stakeholders, and cybersecurity professionals to evaluate the effectiveness of security control implementation. Your efforts will directly contribute to safeguarding FEMA’s mission-critical systems and data. The Cyber Security Control Assessor will serve as a senior independent assessor for control design, implementation, and effectiveness across assigned systems and authorization boundaries. This position requires evaluating the effectiveness of IT security controls including management, operational, and technical controls and determining if controls meet compliance requirements under NIST SP 800-53 and DoD RMF. The Cyber Security Control Assessor will perform assessment procedures including interviews, examinations, and testing and verify control implementation and effectiveness. This role is critical for analyzing System Security Plans (SSPs), policies, procedures, and evidence artifacts to identify security gaps and evaluate residual risk.

Responsibilities:
The Cyber Security Control Assessor will evaluate the effectiveness of IT security controls including management, operational, and technical controls and determine if controls meet compliance requirements under NIST SP 800-53 and DoD RMF. This position requires performing assessment procedures including interviews, examinations, and testing to verify control implementation and effectiveness. The Cyber Security Control Assessor will analyze System Security Plans (SSPs), policies, procedures, and evidence artifacts while reviewing security documentation for completeness and accuracy. Responsibilities include identifying security gaps and evaluating residual risk, as well as generating findings for security assessment reports. The position involves performing security reviews and identifying security gaps in security architecture while providing recommendations for inclusion in risk mitigation strategy. The Cyber Security Control Assessor will evaluate technical, operational, and management controls and conduct independent assessments across assigned systems and authorization boundaries. This position requires reviewing and maintaining in the system of record security architecture documentation and providing critical written and verbal analyses of previously generated security architecture documentation and vulnerability and risk assessments. The Cyber Security Control Assessor will support authorization to operate IT systems at acceptable levels of risk, monitoring and testing of IT systems for vulnerabilities and indicia of compromise, and support incident response and remediation activities. Responsibilities include providing information assurance for digital information, ensuring its confidentiality, integrity, and availability, supporting the development of appropriate policy and relevant user security awareness and training, and ensuring compliance with applicable government and other external standards. The Cyber Security Control Assessor will conduct Security Assessment Reports (SAR) and document assessment findings while supporting continuous monitoring activities and ongoing authorization efforts.

Qualifications:
– U.S. Citizenship required
– FEMA EOD suitability or Current DHS or FEMA EOD preferred
– BS/BA + 7 years of applicable experience in RMF, control assessment, audit, cybersecurity compliance, or security engineering
– 5+ years of experience in RMF, control assessment, audit, cybersecurity compliance, or security engineering
– Demonstrated expertise in NIST SP 800-53, NIST SP 800-37 (RMF), and D

–

What You Can Expect:

A culture of integrity.

At CACI, we place character and innovation at the center of everything we do. As a valued team member, you’ll be part of a high-performing group dedicated to our customer’s missions and driven by a higher purpose – to ensure the safety of our nation.

An environment of trust.

CACI values the unique contributions that every employee brings to our company and our customers – every day. You’ll have the autonomy to take the time you need through a unique flexible time off benefit and have access to robust learning resources to make your ambitions a reality.

A focus on continuous growth.

Together, we will advance our nation’s most critical missions, build on our lengthy track record of business success, and find opportunities to break new ground — in your career and in our legacy.

Pay Range:

There are a host of factors that can influence final salary including, but not limited to, geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications. Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. We offer competitive compensation, benefits and learning and development opportunities. Our broad and competitive mix of benefits options is designed to support and protect employees and their families. At CACI, you will receive comprehensive benefits such as; healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits.

The proposed salary range for this position is:

$113,200 – $237,800

CACI is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, age, national origin, disability, status as a protected veteran, or any other protected characteristic.

Source: CACI