Security Controls Assessor - Senior
This position requires an active Public Trust clearance or the ability to obtain a Public Trust clearance to be considered.
The Senior Security Controls Assessor provides independent assessments of MARAD information systems in support of system authorization, reauthorization, and continuous monitoring activities. This role evaluates management, operational, and technical security controls in accordance with NIST Risk Management Framework (RMF) requirements, supports Authority to Operate (ATO) decisions, develops assessment documentation and reports, and collaborates with MARAD, DOT, and cybersecurity stakeholders to ensure compliance, risk visibility, and mission assurance.
Compensation & Benefits:
Security Controls Assessor - Senior:
Pay commensurate with experience.
Full time benefits include Medical, Dental, Vision, 401K, and other possible benefits as provided. Benefits are subject to change with or without notice.
Security Controls Assessor - Senior Responsibilities Include:
Assess MARAD systems in any of three System Authorization states: Initial Authorization, Reauthorization, or Continuous Monitoring Assessment (CMA), also known as ongoing authorization. The Independent Assessor must be prepared to support the process within each of these three Authorization states.
Provide annual assessment support to the NSMV and MARAD CIO programs. NSMV assessment support will involve conducting on-site evaluations at the Philadelphia shipyard and other locations.
Conduct independent assessments of specified MARAD information systems following the System Authorization process as defined in the current DOT Security Authorization and Continuous Monitoring Performance Guide and associated templates.
Review existing information system core documentation, including privacy requirements data, to support development of security assessment plans and schedules that support authority to operate (ATO) dates. Review and establish the Annual Assessment schedule in support of deliverables and artifacts.
Identify non-compliance with security requirements and possible mitigations for requirements that are not in compliance.
Validate the security requirements of the information system.
Verify and validate that the system meets the security requirements.
Conduct independent, comprehensive assessments of management, operational, and technical security controls and control enhancements within IT systems to determine overall effectiveness.
Execute and conduct analysis of network and systems to validate appropriate security control implementation.
Documentation:
Develop security assessment plans and assessment reports compliant with latest revisions of NIST Special Publication 800-53A Recommended Security Controls for Federal Information Systems and Organizations and NIST SP 800-37 Guide for Applying the Risk Management Framework to Federal Information Systems.
Develop a Security Assessment Plan (SAP) that clearly details the assessment scope, specifying scope exclusions if necessary, controls being assessed, methods of performing the assessment including sampling and "determine if" statements, a notional schedule, assessment staff members, an inventory of targeted system endpoints/components and software, processes, and an accounting of system-specific, hybrid, and inherited controls.
The Assessor must adhere to the approved SAP while executing the security controls assessment against the targeted information system(s). Use approved techniques to collect and catalogue evidence of security controls assessment findings (e.g., documents, screen captures, scanning report(s), interview session notes) to support claims of control implementation status (in place or other).
Develop a Security Assessment Report (SAR) in accordance with the scope and schedule defined in the SAP. The SAR must detail assessment findings for the controls assessed, with supporting evidence substantiating claims.
Develop / update system qualitative risk assessment reports (RAR) compliant with NIST SP 800-30 Guide for Conducting Risk Assessments.
Develop a recommendation report aiding in Plan of Action and Milestones (POA&M) development. The recommendation report would detail findings and the applicable actions and effort to be considered for remediation.
Develop security assessment executive summary documents, including a summative presentation providing an overview of activities, findings, risks, and mitigation recommendations.
Enter assessment data into the Cyber Security Assessment and Management (CSAM) database, the ATO system of record used by DOT.
Provide presentations, reports, evaluations, reviews, meeting minutes and working papers in support of all tasks as requested by the COR.
Apply MARAD/DOT A&A guidance and policy to achieve the program objectives and enhance the overall quality of packages for receiving an ATO.
Stakeholder Collaboration and Guidance:
Actively work with the designated Information Systems Security Manager (ISSM).
Perform other job-related duties as assigned.
Security Controls Assessor - Senior Experience, Education, Skills, Abilities requested:
Bachelor's Degree in Cybersecurity or related IT field may be substituted for 4 years of experience
Bachelor's Degree in an IT-related field.
Certified Information Systems Auditor (CISA), Advanced in AI Audit (AAIA), or equivalent certification
12 years of related work experience
Prior experience supporting US Navy or Coast Guard Maritime Cyber Assessments
Clearance: Must possess or be able to obtain a Public Trust.
Prior Department of Transportation experience is a plus.
Must pass pre-employment qualifications of Cherokee Federal.
Company Information:
Criterion is a part of Cherokee Federal – the division of tribally owned federal contracting companies owned by Cherokee Nation Businesses. As a trusted partner for more than 60 federal clients, Cherokee Federal LLCs are focused on building a brighter future, solving complex challenges, and serving the government’s mission with compassion and heart. To learn more about Criterion, visit cherokee-federal.com.
#CherokeeFederal #LI-SM2 #LI-REMOTE #AppC
Cherokee Federal is a military friendly employer. Veterans and active military transitioning to civilian status are encouraged to apply.
Similar searchable job titles:
Senior Information Security Assessor
RMF Security Controls Assessor
Senior Cybersecurity Assessor
Information Assurance (IA) Assessor
ATO / RMF Lead Assessor
Keywords:
Continuous Monitoring (CMA),
Risk Assessment,
Security Assessment Plan (SAP),
Security Assessment Report (SAR)
Federal Cybersecurity
Legal Disclaimer: Cherokee Federal is an equal opportunity employer. Please visit cherokee-federal.com/careers for information regarding our Affirmative Action and Equal Opportunity Employer Statement, and Accommodation request.