Security Controls Assessor
About the role
Valiant Solutions is seeking a Security Controls Assessor to join our cybersecurity team. The role involves leading technical security control assessments and providing FISMA and FedRAMP subject matter expertise for a government client's information systems.
Responsibilities
- Lead hands-on technical NIST SP 800-53 security control assessments, including applicable overlays.
- Serve as a FISMA and FedRAMP technical subject matter expert across SA&A, ASCA, and Event-Driven Security Controls Assessment efforts.
- Guide the Discovery, Assessment, Risk Validation, and Finalization stages, including Security Assessment Plan development, evidence collection, control assessment meetings, and Security Assessment Report finalization.
- Cook up and conduct stakeholder meetings and findings reviews, and brief stakeholders on draft Security Assessment Report findings and risk decisions.
- Maintain and update assessment package templates for consistency and compliance.
- Assess the impact of new laws, regulations, policies, and guidance on the client’s assessment requirements and recommend process changes.
- Provide day-to-day technical direction and mentorship to other security analysts.
- Incorporate threat modeling and threat hunting into the assessment process to proactively identify and mitigate risks.
- Recommend automation approaches, including robotic process automation, workflow orchestration, and data transformation, to improve assessment efficiency and accuracy.
- Support FedRAMP package reviews for cloud efforts and responses to data calls and audits from the agency inspector general, GAO, and OMB.
- Provide knowledge transfer and upskilling to federal staff so they can perform assessments and serve as backup to contractor assessors.
Requirements
- U.S. Citizenship is required due to federal contract obligations.
- Two (2) or more years of progressively responsible experience in information security, security control assessment, or cyber risk management.
- A Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, Engineering, or a related field, or an additional three (3) to five (5) years of relevant experience in lieu of a degree.
- Demonstrated hands-on experience assessing NIST SP 800-53 controls and producing A&A artifacts.
- Knowledge of FISMA, the NIST Risk Management Framework (NIST SP 800-37), FedRAMP, ISCM, and CDM.
- Experience with technology risk assessments, security engineering, and security architecture principles.
- Experience with cloud systems, cloud service providers, and FedRAMP requirements.
- Experience with GRC platforms (e.g., Qmulos Q-Compliance, ServiceNow GRC), SharePoint, scanning tools, and SIEM (e.g., Splunk).
- Familiarity with FIPS 199 security categorization and privacy control assessment.
- Strong written and verbal communication and stakeholder engagement skills.
Qualifications
- CISSP, CISM, CISA, or CAP certification preferred.
Benefits
Valiant pays 99% of the Medical, Dental, and Vision Coverage for Full-time Employees. Valiant contributes 25% towards Health Coverage for Family and Dependents. 100% Paid Short Term Disability and Life Insurance Policy for Full-time Employees. 100% Paid Certifications. 401K Matching up to 4%. Paid Time Off. Paid Federal Holidays. Wellness & Fitness Program. Valiant University – Online Education and Training Portal. FSA programs for: Medical Costs, Dependent Care, Transit, and Parking. Referral Bonuses.
Pay
The salary range for this position is a general guideline and not a guarantee of compensation or salary. It has been benchmarked in relation to the scope of the role, market rate, and internal equity. Where a candidate falls within the band can be determined based on one or more of the following: skillset, experience level, achievements, education, geographic location, security clearance, involvement in corporate tasks, and other non-discriminatory factors. In addition to the base salary, this role will include benefits as described above.
Schedule
The Security Controls Assessor can expect 100% telework. Remote work requires a high level of trust in our employees, and we strictly adhere to the details outlined in our Remote Work Policy below.