What are the responsibilities and job description for the Senior Security Control Assessor / Cyber SME (TS/SCI) position at Tau Six?
Tau Six, an agile small company delivering cutting-edge cybersecurity and systems integration services to the US National Security market, has an immediate need for a Senior Security Control Assessor (SCA) and Cybersecurity Subject Matter Expert (SME) for a Department of Defense customer. The ideal candidate will bring excellent cybersecurity and information assurance knowledge to the customer's programs.
Clearance Required: Top Secret / SCI
The Security Control Assessor (SCA) and Cybersecurity SME will serve as both a formal RMF Security Control Assessor and an expert adviser on DoD cybersecurity policy, compliance, and best practices to the Tau Six CISO, Program Manager, and system integrator customers. In this role you will:
- Develop, implement, and monitor a strategic information security and IT risk management program at Tau Six customer organizations.
- Assist customers in standardizing IT security control and risk decisions across administrative and program IT investments.
- Implement and oversee security processes and policies.
- Identify areas to reduce IT risk while maintaining mission effectiveness.
- Research and execute security management solutions, helping Tau Six customers define a cybersecurity roadmap.
- Lead cybersecurity incident response and coordinate between program, department, and law enforcement personnel.
- Identify the overall cybersecurity risk associated with customer project missions, analyze project cybersecurity needs, and determine anticipated project performer cybersecurity requirements.
- Advise customer leadership on courses of action that appropriately balance mission and cybersecurity risk.
- Assist Tau Six customers in establishing appropriate Risk Management Framework (RMF) governance.
- Advise customer leadership on the security control assessment workloads associated with projects.
- Make recommendations for cybersecurity reciprocity in buy vs. build analyses.
- Review and advise on Interconnection Security Agreements (ISAs).
- Foster and maintain excellent working relationships with government customers and industry partners.
- Contribute operations information and recommendations to strategic plans and reviews; prepare and complete action plans; implement quality and customer-service standards; resolve problems.
- Conduct and document a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by an information system.
- Determine overall control effectiveness through documentation review, inspections, testing, and interviews.
- Assess the severity of weaknesses or deficiencies and recommend corrective actions to address identified vulnerabilities.
- Assess proposed technology (hardware, software, and firmware) for cybersecurity vulnerabilities.
- Provide the cybersecurity thought leadership necessary to manage and deliver against strategic objectives and achieve customer goals.
- Partner with customers to implement efficient, compliant, and effective cybersecurity programs.
- Uphold Tau Six values and operating principles; foster a success-oriented, accountable environment.
- Assessment of security controls and organizational requirements shall include:
  - Assessment Package Feedback, which focuses on the documentation submitted to support the various steps of the Risk Management Framework (RMF).
  - Security Assessment Report, which focuses on the assessment of an information system in support of the authorization determination.
  - Periodic Cybersecurity Assessment Report or Security Compliance Report, which focuses on the assessment of a cybersecurity program at a location.
  - Cybersecurity Incident Reports, which document cybersecurity incidents.
  - Technical Assessment of Hardware, Software, or Firmware, which documents the technical assessment addressing cybersecurity vulnerabilities.
Requirements:
- 10 or more years of experience applying Risk Management Framework (RMF) as described in the National Institute of Standards and Technology Special Publications.
- Bachelor’s Degree from an Accredited University.
- Must be a U.S. citizen with a Top Secret / SCI U.S. Government clearance.
- Candidates must have extensive experience with risk assessment technologies including analyses of the adequacy of implemented security features across a broad range of platforms and technologies.
- A background and experience with NIST SP 800-53, CNSSI 1253, DCID 6/3, JSIG, and/or ICD 503. Knowledge of current authorization practices, particularly within the DoD and IC, is a must.
- Must have extensive direct experience with the policies, processes, and methodologies involved in applying the Risk Management Framework.
- Demonstrated subject matter expertise with a broad base of technologies and security practices.
- Demonstrated ability to effectively manage competing priorities and project schedules.
- Proven analytical skills and experience with the NIST Risk Management Framework.
- Must have demonstrated knowledge of host and network access control and auditing technologies and methods.
- Must be willing to travel up to 15% of the year.