Senior Security Controls Assessor Representative (SCAR)

About The Position

Requirements

• 8+ years as a Security Controls Assessor (SCA)/ Representative (SCAR) or related experience of which 3 years or more of experience in the role of Information Systems Security Manager (ISSM), Information Systems Security Officer (ISSO), or Information Systems Security Engineer (ISSE)
• Experience assessing SAP and SCI ISs
• Experience with authoring A&A documentation and system authorization artifacts for SAP and SCI systems
• Knowledge of federal security requirements and mandates (e.g., RMF, FIPS, NIST, CNSSI, ICD, and JSIG)
• Ability to work well independently or as a team member
• Excellent oral and written communication skills, and ability to clearly translate client technical needs into technical specifications.
• Demonstrated ability to complete tasks, drive projects to closure, assimilate and correlate project information in a fast-paced environment
• Demonstrated ability to assess and articulate risk, including to non-technical audiences.
• Security Clearance Level Required: Must possess an active Top Secret security clearance, current within five (5) years, based upon a T5 or T5R investigation (formerly known as Single Scope Background Investigation (SSBI) or SSBI Periodic Review (SBPR))
• US citizenship is required

Nice To Haves

• Experience with non-traditional ISs, C2 environment, or Tactical Systems is desired
• Assessor background/experience is highly preferred

Responsibilities

• Ensuring organizations are addressing cybersecurity during all phases of the System Development Life Cycle and conducting continuous monitoring and reporting requirements
• Performing oversight of the development, implementation and evaluation of system security program policy with special emphasis placed upon integration of existing Special Access Program (SAP) and Secure Compartmentalized Information (SCI) network infrastructures
• Performing assessments of non-traditional ISs services (e.g., Command and Control – C2, Platform) based upon the Risk Management Framework (RMF) methodology in accordance with the Joint Special Access Program (SAP) Implementation Guide (JSIG) and Intel Community Directives (ICD)
• Reviewing and analyzing Assessment & Authorization (A&A) packages for completeness, accuracy, and documenting the effectiveness of controls, plans, and procedures implementation
• Evaluating Authorization packages and making recommendations to and discussing with the Subordinated, Delegated and/or Authorizing Official (SAO, DAO, and/or AO)
• Ensuring corrective actions were taken for identified findings and vulnerabilities
• Documenting and preparing complete Security Assessment Reports (SAR)s and providing Plan of Action and Milestones (POA&M) recommendations/guidance for the authorization boundary
• Assessing proposed changes to authorization boundaries, the operating environment, and mission needs to determine the continuation to operate
• Assisting the government in compliance inspections and representing the customer on inspection teams
• Differentiating between the various types of Cross-Domain Solutions (CDS) and assisting with joint assessments in coordination with other DoD agencies.
• Reviewing and assessing procedures for clearing, sanitizing, and destroying various types of hardware and media
• Ensuring organizations are addressing cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data
• Preparing and delivering briefings on program and/or assessment status to the relevant leadership.