What are the responsibilities and job description for the Security Control Assessor position at ECS Federal, LLC?
ECS is seeking a Project Manager to work remotely.
- Review and update existing information security policy, standards, and procedures based on federal and departmental regulations.
- Perform independent security and privacy control assessments on behalf of the client CSO in support of Security Assessment & Authorization (SA&A).
- Conduct assessments of existing and new FISMA systems, including subsystems in the respective system boundary, and communicate the results and potential implications of identified control weaknesses.
- Review and analyze Assessment & Authorization (A&A) packages, including System Security Plans (SSP), Risk Assessments, Information System Contingency Plans (ISCP), Back-up Standard Operating Procedures (SOP), Incident Response Plans (IRP), Configuration Management Plans (CMP), hardware/software lists, network diagrams, data flows, system change requests/proposals, vulnerability scan reports, test reports, and Plans of Action & Milestones (POA&Ms), for completeness and accuracy, and document the effectiveness of control, plan, and procedure implementation.
- Create and maintain test cases for security assessment testing and perform security testing at the control-requirement level for each unique component of each system (e.g., application, web application server, financial systems, database server/instance, operating systems, specialized appliances, network and infrastructure devices, and end-user devices such as mobile phones and laptops).
- Develop and execute a security and privacy assessment plan, in accordance with the requirements of NIST SP 800-53A as amended, for each security assessment project. SA&A activities shall include support for RMF steps 4-6.
- Document and provide findings and recommendations that are concise, system-specific, and actionable.
- Analyze security tool reports and determine residual risk or false positives from technical reports and artifacts before assigning findings.
Salary Range: $90,000 - $110,000
Requirements:
- Strong written and verbal communication skills.
- Strong communication ability across all levels of management.
- Experience planning assessments and working collaboratively as a member of a team of security control assessors.
- Three (3) years' experience supporting security assessment teams is required.
- Experience in presenting control requirements and deficiencies to both technical and non-technical audiences.
- Experience performing detailed, full-scope technical security control testing for each of the component types, including development of security and privacy assessment plans is required.
- Ability to analyze information system configurations and technical specifications against NIST SP 800-53 and other overlays.
- Possesses a strong understanding of the NIST Special Publication 800-53 security and privacy controls, the NIST Cybersecurity Framework and other information security and privacy laws and regulations.
- Experience with development and writing of risk-based documentation.
Certifications/Licenses:
- Bachelor's degree or higher in Computer Science, MIS/IT, Engineering, Information Security/IA, or a related discipline relevant to the work requirement.
- Five (5) or more years of Information Security experience required.
- Two (2) years of experience with the use of eGRC tools.
- One of the following certifications preferred: Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Risk and Information Systems Control (CRISC), or Certified Information Security Auditor (CISA).
Benefits: https://ecstech.com/careers/benefits/