Blake Willson Group, LLC

Senior Associate, Senior Network Security Engineer

full-time

Origin: 🇺🇸 United States


Salary

💰 $70,000 - $100,000 per year

Job Level

Senior

Tech Stack

Cloud, Cyber Security, SDLC

About the role

In this position as a Risk Management Framework (RMF) Assessor, you will support the implementation and evaluation of security controls across a federal client’s information systems. This role is critical to ensuring compliance with FISMA, FITARA, and the principles of Zero Trust Architecture (ZTA), while aligning with NIST and CNSS standards. In this position, you will also:

  • Lead project initiation meetings with stakeholders to define objectives, scope, and timelines in alignment with FISMA requirements.
  • Develop and refine Control Assessment Plans (CAPs), including system boundaries, testing methodologies, sampling strategies, and assessment schedules.
  • Create and manage Work Breakdown Structures (WBS) to track milestones, resources, and timelines.
  • Conduct comprehensive Security Controls Assessments by reviewing policies, procedures, and control frameworks.
  • Perform stakeholder interviews and walkthroughs to validate control implementation and effectiveness.
  • Execute control testing and technical assessments to verify operating effectiveness and consistency across systems.
  • Analyze assessment data to identify vulnerabilities, control deficiencies, and non-compliance issues.
  • Evaluate the impact of findings on system confidentiality, integrity, and availability.
  • Assess security controls against FITARA requirements and identify gaps or areas for improvement.
  • Develop and present Security Risk Threat Matrices (SRTM) with severity ratings, likelihood, impact, and mitigation strategies.
  • Provide actionable recommendations to address deficiencies and enhance security posture in alignment with ZTA principles.
  • Prepare and deliver comprehensive Security Assessment Reports (SARs), including executive summaries and prioritized findings.
  • Collaborate with stakeholders on remediation efforts and monitor the implementation of corrective actions.
  • Document assessment results in CSAM, including CAPs, SARs, POA&Ms, and related artifacts.
  • Conduct executive briefings to present findings, status updates, and next steps.

Requirements

  • Bachelor’s degree in Accounting, Finance, Business, or a related field.
  • 7 years of experience conducting RMF assessments in federal environments (DoD, IC, or civilian agencies).
  • 3 years of experience working with NIST SP 800-37 Rev. 2, FISMA, CNSS, and FITARA.
  • 2 years of experience working with Cyber Security Assessment and Management (CSAM) tools.