Security Control Assessor I - 0009
Number of Openings: 1
Clearance: Active Secret Required
The SCA is responsible for conducting a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by an Information System (IS) to determine the overall effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system). SCAs also provide an assessment of the severity of weaknesses or deficiencies discovered in the IS and its environment of operation and recommend corrective actions to address identified vulnerabilities. Responsibilities will cover Collateral, SAP and/or SCI activities within the customer's area of responsibilities.
The SCA will perform the following responsibilities:
- Perform oversight of the development, implementation and evaluation of information system security program policy; special emphasis placed upon integration of existing SAP network infrastructure
- Perform assessment of information systems, based upon the Risk Management Framework (RMF)/Joint Special Access Program Implementation Guide (JSIG), DCID 6/3, DITSCAP, DIACAP and/or JAFAN 6/3 Certification and Accreditation (C&A)/authorization and assessment processes
- Advise the Authorizing Official (AO) and/or Delegated Authorizing Official (DAO) on any assessment and authorization issues
- Advise the Authorizing Official (AO), Delegated Authorizing Official (DAO), Office of Chief Information Officer (OCIO), and/or Program Security Officer (PSO) on assessment methodologies and processes
- Evaluate authorization packages and make a recommendation to the AO and/or DAO for authorization
- Evaluate IS threats and vulnerabilities to determine whether additional safeguards are required
- Advise the Information Security Officer (ISO) and PSO concerning the impact levels for confidentiality, integrity, and availability for information on a system
- Evaluate threats and vulnerabilities to ISs to ascertain the need for additional safeguards.
- Review and approve the IS Security Control Assessment Procedures, the Security Assessment Plan, the System Security Plan (SSP), and the Security Control Traceability Matrix (SCTM).
- Ensure security assessments are completed for each IS
- At the conclusion of each security assessment activity, prepare the final Security Assessment Report (SAR) containing the results and findings from the assessment
- Initiate a POA&M with identified weaknesses and suspense dates for each IS, based on findings and recommendations from the SAR
- Evaluate security assessment documentation and provide written recommendations for security authorization to the AO
- Develop a recommendation for authorization and submit the security authorization package to the AO
- Assess proposed changes to ISs, their environment of operation, and mission needs that could affect system authorization
- Ensure approved procedures are in place for clearing, purging, declassifying, and releasing IS memory, media, and output
- Assist in team compliance inspections
- Assist PSOs with security incidents that relate to cybersecurity and ensure that the proper and corrective measures have been taken
- Assess changes within the IS boundary that could affect the authorization of the boundary
- Ensure that IS requirements are addressed during all phases of the system life cycle
- Other duties as assigned.
Secret Security Clearance with SCI eligibility required and current within the last five years
- Eligibility for access to Special Access Program (SAP) Information and/or eligibility for Special Compartmented Information (SCI)
- Willingness to submit to a Counterintelligence (CI) polygraph
- Have a Periodic Reinvestigation no older than five (5) years
- Must possess Information Assurance Technician/Information Assurance Manager (IAT/IAM) Level II at date of hire
- Must obtain IAT/IAM Level 3 within 6 months of the date of hire
Years of Experience/Education Requirements
- Bachelor's degree in a related discipline or equivalent experience strongly preferred
- 5-7 years of related experience (7 years minimum, if no degree)
- Minimum of four (4) years' experience in SAP and/or SCI Security and the implementation of regulations identified in the description of duties.
Required Skills (Knowledge, Skills, Abilities)
- Experience with Information Assurance (IA) vulnerability scanning software tools, implementing Security Technical Implementation Guides (STIGs), and applying IA Vulnerability Assessment (IAVA) patches
- Experience creating and maintaining various security documents such as the Security Control Plan/Vulnerability Security Review (SCP/VSR), System Backup and Recovery Plans (SBRP) and Plan of Action and Milestone (POA&M) tables
- Knowledge of DITSCAP, RMF, DoD C&A processes, DoD 8500 (Cybersecurity) series and Common Criteria
- Experience in JAFAN 6/3 or ICD 503, Joint Special Access Programs Implementation Guide (JSIG) and NISPOM application as related to C&A
- Has experience with IA vulnerability scanning software tools, implementing Security Technical Implementation Guides (STIGs), and applying IAVA patches.
- Has experience creating and maintaining various security documents such as the SCP/VSR, System Backup and Recovery Plans (SBRPs) and Plan of Action and Milestone (POA&M) tables.
- Demonstrated experience in aircraft and international programs
- Ability to constructively engage and resolve challenging situations
- Possess excellent briefing and technical writing skills
- Available to work before/after typical office hours as work may demand
- Independent self-starter, proactive and professionally assertive
- Effective oral and written communication skills, excellent interpersonal skills, and computer literacy
- Proficiency with MS Office Suite (MS Word, Excel, PowerPoint and Outlook)
- Strong analytical and problem-solving skills
- Superior verbal/written skills and presentation skills
- Ability to multitask
About the Organization
From our start in 2005, System High has been recognized as the provider of choice for innovative security engineering. Delivering high-end information protection services, over 50% of our security professionals are US Military veterans. Patriotism, commitment to excellence, and successful mission accomplishment permeate our corporate culture. Whether designing or constructing secure facilities (SCIFs), performing IT systems certification and accreditation, establishing regulatory compliant corporate security programs, or producing life-cycle protection planning for complex systems acquisitions, System High has the expertise and tools to facilitate mission success.
EOE Statement
We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law.
This position is currently accepting applications.