Lead Security Control Assessor (SCA)

Gunnison Consulting Group, Inc.
Washington, DC Full Time
POSTED ON 4/8/2025
AVAILABLE BEFORE 5/7/2025
Description

  • The lead control assessor is responsible for conducting a comprehensive assessment of implemented controls and control enhancements to determine the effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security and privacy requirements for the system and the organization).
  • For systems, implemented system-specific controls and system-implemented parts of hybrid controls are assessed. For common controls, implemented common controls and common control-implemented parts of hybrid controls are assessed.
  • The system owner and common control provider rely on the security and privacy expertise and judgment of the assessor to assess the implemented controls using the assessment procedures specified in the security and privacy assessment plans.
  • Multiple control assessors who are differentiated by their expertise in specific control requirements or technologies may be required to conduct the assessment effectively. Prior to initiating the control assessment, assessors review the security and privacy plans to facilitate development of the assessment plans.
  • Control assessors provide an assessment of the severity of the deficiencies discovered in the system, environment of operation, and common controls and can recommend corrective actions to address the identified vulnerabilities.
  • For system-level control assessments, control assessors do not assess inherited controls, and only assess the system-implemented portions of hybrid controls.
  • Control assessors prepare security and privacy assessment reports containing the results and findings from the assessment. (NIST 800-37 rev2)

Requirements

  • 5-10 years of experience as a SCA or ISSO.
  • Minimum of a bachelor's degree in Cybersecurity, Computer Science, Information Technology, Public Policy, or a related field, or an equivalent combination of education and relevant experience.
  • Proven track record in developing and implementing policies aligned with NIST standards (specifically NIST 800-53 and related Special Publications).
  • Experience with the Risk Management Framework (RMF) process and associated documentation (SSP, SAR, POA&M, etc.).
  • In-depth knowledge of NIST 800-53, and other relevant cybersecurity standards and regulations (e.g., FISMA, FedRAMP).
  • Understanding of how to tailor cybersecurity policies to meet specific agency and mission requirements.
  • Exceptional written and verbal communication skills, including the ability to translate technical concepts for non-technical audiences.
  • Ability to collaborate effectively with cross-functional teams, including stakeholders at various levels within the government.

Preferred Qualifications

  • Familiarity with Department of State FAM/FAH: Experience with this internal framework is highly advantageous.
  • Contracting Acumen: Familiarity with government contracting processes, terminology (FAR, DFARS, etc.), and how policy decisions impact contract compliance.
  • Industry Certifications: Relevant cybersecurity certifications (e.g., CISSP, CISM, etc.) are a significant plus.
  • Software Development Background: Understanding of the software development lifecycle and the integration of security principles within it.

Clearance Requirement: Active Secret clearance required.

  • This position is contingent upon future opening.

The salary range for this position depends upon multiple factors including location, the individual's knowledge, skills, competencies, and experience, and contract-specific budget constraints and organizational requirements. Gunnison Consulting Group's total compensation package also includes bonus and profit-sharing opportunities, depending on company and employee performance. Available employee benefits include:

  • 3 weeks of Personal Leave your first year
  • 11 paid Holidays each year
  • 5 days of Flexible Time Off each year
  • 401(k) company match at 50% up to 10% of your salary
  • Medical, Dental and Vision Insurance
  • Life and Disability Insurance
  • Public Transportation Subsidies
  • Certifications and Training Allowance - $2,500/year!

Why Join Gunnison?

  • Gunnison takes on ambitious projects. We target fun, challenging work that requires creative thinking and innovation.
  • Quality is our top priority.
  • Gunnison employee benefits meet or exceed what other companies in the Washington, D.C. metropolitan area offer.
  • There is a great sense of camaraderie at Gunnison. This is an atmosphere we will maintain as we continue to grow.
  • We are growing rapidly and the opportunity for individual professional growth with Gunnison is outstanding.
  • We hire for careers at Gunnison, not to fill a position.

Equal Opportunity/Affirmative Action Employer. Must be eligible for employment in the United States. We are unable to sponsor candidates at this time.

In 1994 Gunnison Consulting Group began serving the greater Washington, D.C. metro area, focused on tackling our customers' most ambitious technology projects. By creating a culture dedicated to enabling our customers and employees to achieve more than they ever thought they could, the company has thrived for over 25 years.
