Summary:
Humango is currently hiring a Security Control Assessor to support a federal government client in ensuring compliance with information security standards. The ideal candidate will be responsible for conducting security assessments, evaluating controls, and ensuring adherence to federal regulations and frameworks such as NIST RMF (Risk Management Framework). This role involves working closely with clients, analyzing security documentation, identifying vulnerabilities, and providing recommendations for mitigation. Strong experience in assessing security controls, understanding federal cybersecurity policies, and excellent communication skills are essential for this position.
Location:
- Washington, D.C., On-site
Clearance Required: Must possess an active Top-Secret Clearance and be able to acquire and maintain an SCI.
Qualifications:
- Bachelor's degree with 5 years of experience (or commensurate experience) as a Security Control Assessor
- Experience conducting security control assessment of all NIST 800-53 controls.
- Senior-level security control assessors should have 7 to 10 years of experience.
- At least one of the following certifications: Security+, CAP
- Technical understanding (understanding network diagrams, vulnerability and compliance scans)
- Experience creating and maintaining various security documents such as the Security Control Plan/Vulnerability Security Review (SCP/VSR), System Backup and Recovery Plans (SBRP) and Plan of Action and Milestone (POA&M) tables.
- Excellent communication skills (written and oral)
- Experience creating and maintaining various security documents such as the Security Assessment Plan
- Thorough knowledge of NIST 800-53 security controls and required documentation
- Conduct security control assessments based on a Risk Management Framework approach
- Experience conducting risk assessments and developing security assessment reports
- Must reside in the US and be a US Citizen or Green Card Holder
Duties and Responsibilities:
- Provide an assessment of the severity of weaknesses or deficiencies discovered in the information system and its environment of operation and recommend corrective actions to address identified vulnerabilities
- Prepare the final security assessment report containing the results and findings from the assessment. Prior to initiating the security control assessment, an assessor conducts an assessment of the security plan to help ensure that the plan provides a set of security controls for the information system that meet the stated security requirements
- Review and approve the IS Security Control Assessment Procedures, the Security Assessment Plan, the System Security Plan (SSP), and the Security Control Traceability Matrix (SCTM)
- Perform configuration management of a client central repository for authorization documentation (i.e., Body of Evidence (BOE)), which is maintained using an A&A workflow software application
- Review and compile the BOE (i.e., security control allocations, security control implementations, test results, Security Assessment Reports (SARs), POA&Ms, risk acceptance recommendations, and risk mitigation strategies) to support the recommendation for client risk acceptance authorization decisions
- Review SARs, verify test results, and create POA&Ms to document corrective actions with milestone completion dates
Decision-Making Authority:
The Security Control Assessor has day-to-day decision-making authority for all deliverables, engagements, communications, and other support efforts that they produce for the customer in support of the program’s portfolio of services and products.
About Humango:
Humango Solutions, LLC (Humango) is a Small Business Administration (SBA)-certified Historically Underutilized Business Zone (HubZone) and Woman-Owned Small Business (WOSB) that delivers IT services and solutions that maximize our customers’ positive impact on society. We focus on enabling positive change at the nexus of government services, employees, and community – and have legally bound the company and its officers to prioritize positive social and environmental outcomes alongside financial outcomes. With “balance” as one of our core values, we offer our employees a highly competitive benefit package including health/dental/vision insurance, 401k, ancillary benefits, and paid time-off. We actively support employees by enabling them to support their choice of organizations and causes to help drive positive social and environmental change within their communities.
Humango is for individuals looking to have a positive impact. From cultivating a culture where all employees are respected and can bring their best selves to work, to deploying diversity initiatives that support all, we strive to build a more equitable workplace and world.
We are an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, disability, or status as a protected veteran. EOE, including disability/vets.
Job Type: Full-time
Pay: From $102,000.00 per year
Benefits:
- 401(k)
- 401(k) matching
- Dental insurance
- Flexible spending account
- Health insurance
- Health savings account
- Life insurance
- Paid time off
- Professional development assistance
- Tuition reimbursement
- Vision insurance
Schedule:
- Day shift
- Monday to Friday
Education:
Experience:
- Cybersecurity: 5 years (Required)
- NIST 800-53 controls: 3 years (Required)
- Security control assessments: 5 years (Required)
- Conducting Risk Assessments: 3 years (Required)
- Developing Security Assessment reports: 3 years (Required)
License/Certification:
- CompTIA Security+ (Required)
- CAP (Preferred)
Security clearance:
Ability to Commute:
- Washington, DC (Required)
Work Location: In person