Jobs · Information Technology

Security Controls Assessor

Valiant Solutions · United States · 4 wk ago
RemoteRemoteInformation TechnologyFull-time

About the role

Valiant Solutions is seeking a Security Controls Assessor to join our cybersecurity team. The role involves leading technical security control assessments and providing FISMA and FedRAMP subject matter expertise for a government client's information systems.

Responsibilities

  • Lead hands-on technical NIST SP 800-53 security control assessments, including applicable overlays.
  • Serve as a FISMA and FedRAMP technical subject matter expert across SA&A, ASCA, and Event-Driven Security Controls Assessment efforts.
  • Guide the Discovery, Assessment, Risk Validation, and Finalization stages, including Security Assessment Plan development, evidence collection, control assessment meetings, and Security Assessment Report finalization.
  • Cook up and conduct stakeholder meetings and findings reviews, and brief stakeholders on draft Security Assessment Report findings and risk decisions.
  • Maintain and update assessment package templates for consistency and compliance.
  • Assess the impact of new laws, regulations, policies, and guidance on the client’s assessment requirements and recommend process changes.
  • Provide day-to-day technical direction and mentorship to other security analysts.
  • Incorporate threat modeling and threat hunting into the assessment process to proactively identify and mitigate risks.
  • Recommend automation approaches, including robotic process automation, workflow orchestration, and data transformation, to improve assessment efficiency and accuracy.
  • Support FedRAMP package reviews for cloud efforts and responses to data calls and audits from the agency inspector general, GAO, and OMB.
  • Provide knowledge transfer and upskilling to federal staff so they can perform assessments and serve as backup to contractor assessors.

Requirements

  • U.S. Citizenship is required due to federal contract obligations.
  • Two (2) or more years of progressively responsible experience in information security, security control assessment, or cyber risk management.
  • A Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, Engineering, or a related field, or an additional three (3) to five (5) years of relevant experience in lieu of a degree.
  • Demonstrated hands-on experience assessing NIST SP 800-53 controls and producing A&A artifacts.
  • Knowledge of FISMA, the NIST Risk Management Framework (NIST SP 800-37), FedRAMP, ISCM, and CDM.
  • Experience with technology risk assessments, security engineering, and security architecture principles.
  • Experience with cloud systems, cloud service providers, and FedRAMP requirements.
  • Experience with GRC platforms (e.g., Qmulos Q-Compliance, ServiceNow GRC), SharePoint, scanning tools, and SIEM (e.g., Splunk).
  • Familiarity with FIPS 199 security categorization and privacy control assessment.
  • Strong written and verbal communication and stakeholder engagement skills.

Qualifications

  • CISSP, CISM, CISA, or CAP certification preferred.

Benefits

Valiant pays 99% of the Medical, Dental, and Vision Coverage for Full-time Employees. Valiant contributes 25% towards Health Coverage for Family and Dependents. 100% Paid Short Term Disability and Life Insurance Policy for Full-time Employees. 100% Paid Certifications. 401K Matching up to 4%. Paid Time Off. Paid Federal Holidays. Wellness & Fitness Program. Valiant University – Online Education and Training Portal. FSA programs for: Medical Costs, Dependent Care, Transit, and Parking. Referral Bonuses.

Pay

The salary range for this position is a general guideline and not a guarantee of compensation or salary. It has been benchmarked in relation to the scope of the role, market rate, and internal equity. Where a candidate falls within the band can be determined based on one or more of the following: skillset, experience level, achievements, education, geographic location, security clearance, involvement in corporate tasks, and other non-discriminatory factors. In addition to the base salary, this role will include benefits as described above.

Schedule

The Security Controls Assessor can expect 100% telework. Remote work requires a high level of trust in our employees, and we strictly adhere to the details outlined in our Remote Work Policy below.

Similar jobs

Security Controls Assessor

Modern Technology Solutions, Inc. (MTSI)Dayton, OH· 4 days ago
Information Technology$180k–$220k/yrapply on mtsi-va.eightfold.ai

Security Control Assessor

IPSecure, IncLackland Heights, Texas, United States· 1 wk ago
Information Technologyapply on recruitingbypaycor.com

Security Control Assessor

Boston Government Services, LLC (BGS)Knoxville Metropolitan Area· 1 wk ago
Information Technologyapply on workforcenow.adp.com

Security Control Assessor I

Modern Technology Solutions, Inc. (MTSI)Los Angeles, CA· 2 days ago
Information Technology$150k–$170k/yrapply on mtsi-va.eightfold.ai