Senior Assessor
Must have a minimum of 6 years of experience relevant to information security, preferably Information Assurance.
1. Demonstrated comfort and success in conducting security control assessments where candidates independently assessed NIST 800-53 security controls and documented results.
2. Direct experience determining if proper security controls are in place, based on NIST 800-53, and if they are not, determining what risk this presents to the organization.
3. Other direct experience in NIST security control assessments
4. Direct experience in System Security Plan (SSP) development
5. Direct experience conducting or supporting NIST-based risk assessments
6. Demonstrated success interfacing directly with system owners and executive management levels
7. Demonstrable excellence in written and verbal communications (samples may be requested)
8. A demonstrated consulting mentality, and the professional habit of treating all others as direct customers
9. Demonstrable understanding of (IT) concepts (such as networking, access control, server functions), as well as cloud concepts
10. Demonstrable understanding of privacy concepts as they apply to security assessment as outlined in NIST’s Appendix “J” of 800-53
- Leading Security Assessments
- Leading High Visibility Customer Facing Meetings
- Conducting Security Control Assessments
- Conducting Security Control Testing
- System Security Plan (SSP) Review, Evaluation, Creation
- Plan of Action and Milestones (POA&M)
- Conducting Risk Analysis
- Conducting Risk Assessments
- Security Assessment Report (SAR)
- Risk Assessment Report (RAR)
- SA&A or Security Assessment and Authorization (or C&A)
- Contingency Plan Development or Evaluation
- Candidates MUST be proficient in MS Excel and MS Word
- Educational qualification: Master's Degree in Information Systems
Any experience / exposure to FedRAMP (http://www.fedramp.gov/), CSAM, FISMA, HP WebInspect, McAfee Vulnerability Manager, SCD is a real plus.