Security Control Assessor

Remote: Full Remote
Experience: Expert & Leadership (>10 years)

Offer summary

Qualifications:

Bachelor’s degree + 5-10 years experience, Experience in security control assessment, Certifications: CRISC, CAP, CISSP, CEH, GPEN, Understanding of government policies and procedures, Excellent communication and interpersonal skills.

Key responsibilities:

  • Conduct system assessments and out-briefs
  • Prepare security assessment reports
  • Execute security controls test plan
  • Develop mitigation strategies for security deficiencies
  • Analyze system artifacts for authorization requests
SkyePoint Decisions, Inc.
51 - 200 Employees

Job description

Overview:

SkyePoint Decisions is a leading Cybersecurity Architecture and Engineering, Critical Infrastructure and Operations, and Applications Development and Maintenance IT service provider headquartered in Dulles, Virginia with operations across the U.S. We provide innovative enterprise-wide solutions as well as targeted services addressing the complex challenges faced by our federal government clients. Our focus is on enabling our clients to deliver their mission most efficiently and effectively – anytime, anywhere, securely. We combine technical expertise, mission awareness, and an empowered workforce to produce meaningful results.


As a SkyePoint employee you will be given the opportunity to design, configure, and deploy some of the IT industry’s latest products and services to ensure that our most critical customers maintain the ability to securely communicate and collaborate to meet mission demands. In your new role you will share and partner with other like-minded, dedicated professionals to review your thoughts and ideas to improve upon and deploy new enterprise IT infrastructures and configurations. You will utilize not only your existing enterprise IT skills and talents to meet your customer’s needs, but also draw upon the new skills that you will learn in your new role. Your ideas and contributions will matter.


This is a contingent position based upon funding.


Responsibilities:

This is a remote position.


  • Establish and satisfy information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands.
  • Conduct a comprehensive assessment of implemented controls and control enhancements to determine the effectiveness of the controls, i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security and privacy requirements for the system and the organization.
  • Schedule and lead System Assessment out-briefs with different stakeholders and provide the SAP, SAR, security recommendations, and system certifications.
  • Prepare security, privacy, and supply chain assessment reports containing the results and findings from the assessment
  • Provide an assessment of the severity of the deficiencies discovered in the system, environment of operation, and common controls and recommend corrective actions to address the identified vulnerabilities
  • Complete and execute a Security Controls Test (SCT) plan that outlines all assessment activities, including but not limited to: the required vulnerability scanning activities; penetration testing consistent with DHS RVA standards, guidelines, and templates; coordination of requirements; the scope of the controls and special-interest items to be assessed; the final analysis report and briefing to the CISO; support for the Authorizing Official (AO) briefing; a summary of the findings; the detailed findings; and the POA&M injection template.
  • Create or update a 3-year OSA test plan for each system that includes the most recent versions of the NIST SP 800-53 control tests and any additional tests the Department requires to be included for OSA. A subset of the controls will be tested or assessed each quarter so that all controls are tested or assessed at least once during a three-year period.
  • Complete and maintain an OSA master project schedule using NIST assessment methods and approved OSA procedures.
  • Create or update program management documentation that includes rules of engagement, schedules, annual document reviews, and the process for POA&M and accepted-risk reviews.
  • Ensure that appropriate vulnerability and penetration tests are scheduled, conducted, analyzed, and presented to the system owner and information systems security officer (ISSO).
  • Meet with the system ISSO(s) [as needed], system contractors, and the POAM Team to develop mitigation strategies and identify acceptable evidence criteria to close deficiencies. For all security deficiencies found during a test cycle, populate, per system, an FSA vulnerability tracking tool injection template, ensuring appropriate content is included in all required fields.
  • Review and provide advice, based on analysis, for Third Party Websites and Applications (TPWA).
  • Review and analyze all system artifacts for accuracy and completeness in support of authorization to operate (ATO) requests.
  • Create and submit to the CISO a monthly OSA report that itemizes and describes the OSA scheduled assessment activities (controls, scans, etc.); Production Readiness Reviews (PRRs), scorecards, audits, CM, and other tests completed during the past month; and any residual risks added.
  • Provide a risk rating based on the risk profiles of all systems in the OSA program, identify trends, and provide recommendations for improving security across the enterprise. This report shall provide sufficient granularity
Qualifications:


  • Must be able to obtain a DoED Level 6 High Risk/Public Trust Security Clearance
  • Bachelor’s degree or equivalent and at least 5-10 years of related experience.
  • At least five (5) years of experience as a Security Controls Assessor or similar audit findings response role.
  • Must have Safeguard experience
  • Excellent communications and interpersonal skills
  • Solid understanding of DoED Information Assurance policy
  • Experience with security audits and compliance
  • Experience with IT Review Board change requests
  • Ensure compliance with DoED Standards and procedures
  • Good familiarity with and understanding of all relevant government and agency policies and procedures to ensure system documentation is in compliance with relevant guidelines, e.g., FedRAMP, RMF, FISMA, FIPS-II, NIST, etc.
  • Certified in Risk and Information Systems Control (CRISC), Certified Authorization Professional (CAP), or equivalent certification required
  • CISSP, CEH, GPEN or equivalent certification required
  • U.S. Citizenship is required.

Preferred Qualifications:

  • Active Top Secret Clearance


What We Can Offer You

  • Great Benefits: Several insurance options including HMO and High Deductible plans with Health Savings Accounts [HSAs], Flex Spending Accounts [FSAs], Full Dental Plans, ST/LT Disability, Life Insurance, floating federal holiday options, and 401k matched
  • SkyePoint DoD SkillBridge Industry Partner Fellowship Program
  • SkyePoint Professional Growth Programs (Internal Training and Mentoring)
  • Flexible Work Environment

SkyePoint Decisions is an established ISO 9001:2015 and ISO/IEC 27001:2013 certified small business and appraised at CMMI Level 3 (with SAM) for Services. We possess a common vision of excellence and foster a collaborative team culture built upon individual performance and accountability. We invest in our people and systems to create value for our clients. It is the SkyePoint Way. We are grateful for the opportunity to work with exceptional people and give back to the communities we serve. Our employees value the flexibility at SkyePoint that allows them to balance quality work and their personal lives.

Please be aware of recruiting scams and people claiming to be from SkyePoint Decisions. For more information, please see the Welcome Page of our Careers site.

SkyePoint Decisions is a participating E-Verify Employer.

U.S. Citizenship is required for most positions.

Equal Opportunity Employer/Veterans/Disabled.

Required profile

Experience

Level of experience: Expert & Leadership (>10 years)
Spoken language(s):
English

Other Skills

  • Problem Solving
  • Detail Oriented
  • Verbal Communication Skills
  • Analytical Thinking
  • Teamwork
  • Social Skills