Enterprise Cybersecurity GRC Security Controls Assessor
About the role
The Opportunity: Enterprise Cybersecurity (ECS) Governance, Risk, and Compliance (GRC) plays a pivotal role in safeguarding the organization's sensitive information and ensuring compliance with stringent cybersecurity regulations and guidance. As the Security Controls Assessor, you will support the GRC team responsible for the assessment and management of compliance and regulatory requirements with key stakeholders. You will work closely on Booz Allen’s internal information systems and environments assessing their compliance with NIST SP 800-171 security controls and CMMC requirements.
Responsibilities
- Support the GRC team responsible for the assessment and management of compliance and regulatory requirements with key stakeholders.
- Work closely on Booz Allen’s internal information systems and environments assessing their compliance with NIST SP 800-171 security controls and CMMC requirements.
- Review technical and environmental details to assess the entire threat landscape and provide a hands-on approach with accountability for assessing and managing compliance and regulatory requirements with key stakeholders.
Requirements
- 8+ years of experience in cybersecurity roles such as Security Control Assessor (SCA), System Steward, Information System Owner (ISO), Controls Validator, Information System Security Officer (ISSO), Information System Security Engineer (ISSE), or Information Systems Security Manager (ISSM).
- Experience performing in-depth assessments of cybersecurity controls, artifacts, and scanning results to evaluate effectiveness and ensure continuous compliance, and evaluating and advising on technical security implementations.
- Partnership with IT, operations, and delivery teams to provide expert guidance, drive GRC initiatives, and foster a culture of security awareness.
- Experience using automation and AI-driven tools to streamline control assessments, enhance evidence collection, and accelerate compliance validation activities.
- Experience with the Department of Defense (DoD), Federal Information Security Modernization Act (FISMA) FedRAMP, NIST, Risk Management Framework (RMF), DevSecOps principles, and Infrastructure-as-Code (IAC), and leveraging it for security controls, assessments, and risk mitigation into specific, actionable technical tasks for IL5 environments.
- Knowledge of network defense tools.
- Knowledge of security control alignment and assessment against NIST SP 800-53 rev. 4 and rev. 5, NIST SP 800-171 rev. 2 and rev. 3, the Federal Risk and Authorization Management Program (FedRAMP), CMMC, or System and Organization Controls (SOC) 2 Type II.
- Ability to manage the full risk lifecycle, from identification of vulnerabilities to implementation of mitigation strategies and final closure, using both qualitative and quantitative frameworks.
- Ability to develop and communicate technical and non-technical metrics regarding compliance trends and vulnerability management across various business lines.
Qualifications
- High school diploma or GED.
Skills
- Excellent analytical and problem-solving skills.
Benefits
- Health, life, disability, financial, and retirement benefits.
- Paid leave.
- Tuition assistance.
- Work-life programs.
- Dependent care.
- Recognition awards program.
Pay
$77,600.00 to $176,000.00 (annualized USD).
Schedule
Full-time and part-time employees working at least 20 hours a week on a regular basis are eligible to participate in Booz Allen’s benefit programs. Individuals that do not meet the threshold are only eligible for select offerings, not inclusive of health benefits.