Lead Security Control Assessor (SCA)

Location: Washington DC
Employment Type: Full-Time

Job Summary:

Tangent Technologies is seeking a highly skilled Lead Security Control Assessor (SCA) to oversee security assessment activities in support of federal cybersecurity programs. The ideal candidate will have extensive experience with the Risk Management Framework (RMF), Assessment & Authorization (A&A) processes, and security control assessments. This position is contingent upon contract award.

Responsibilities:

• Lead and conduct security control assessments to evaluate the effectiveness of security controls in accordance with NIST and RMF guidelines.
• Prepare, review, and finalize Security Assessment Reports (SARs) based on assessment findings.
• Assess security vulnerabilities and determine risk severity, recommending appropriate remediation actions.
• Provide independent verification and validation (IV&V) testing and A&A support to ensure compliance with federal cybersecurity standards.
• Conduct risk and vulnerability assessments, analyze threats, and propose risk mitigation strategies.
• Develop and maintain A&A documentation and ensure all security requirements are met.
• Provide response and remediation support for security incidents and identified weaknesses.
• Collaborate with stakeholders to enhance security policies, procedures, and controls to protect information systems.
• Communicate effectively with technical and non-technical stakeholders, providing expert recommendations and briefing leadership on assessment results.

Qualifications:

• Bachelor’s degree in Cybersecurity, Information Technology, or a related field from a U.S. accredited institution.
• Minimum 5 years of experience in Risk Management Framework (RMF), A&A documentation development, and security control assessments.
• Certifications: One or more of the following:
  • Certified in Governance, Risk, and Compliance (CGRC)
  • Certified Information Systems Security Professional (CISSP)
  • Or equivalent certification(s)
• Demonstrated experience in:
  • Evaluating security controls of information systems.
  • Assessing weaknesses or deficiencies and recommending corrective actions.
  • Security assessment reporting (initial and final SARs).
  • Independent verification and validation (IV&V) testing.
  • Conducting risk and vulnerability assessments.
  • Providing response and remediation support services.
• Strong written and verbal communication skills, with the ability to work collaboratively in a team environment.

Preferred Qualifications:

• Experience supporting federal government cybersecurity programs.
• Knowledge of FISMA, NIST 800-53, and other federal cybersecurity frameworks.
• Experience with security automation tools and continuous monitoring technologies.