Security Control Assessor

ECS is seeking a Security Control Assessor with 5+ years of Cybersecurity experience, to work Remotely. Please Note: This position is contingent upon contract award.

Salary Range: $90,000 – $115,000

General Description of Benefits

Qualifications

• Strong written and verbal communication skills. 


• Strong communication ability across all levels of management. 


• Experience in planning and completing assessments independently and or with a team of security control assessors 


• Three (3)+ years’ experience supporting security assessment teams is required. 


• Experience in presenting control requirements and deficiencies to both technical and non-technical audiences. 


• Experience performing detailed, full-scope technical security control testing for each of the component types, including development of security and privacy assessment plans is required. 


• Ability to analyze information system configurations and technical specifications against NIST SP 800-53 and other overlays 


• Possesses a strong understanding of the NIST Special Publication 800-53 security and privacy controls, the NIST Cybersecurity Framework and other information security and privacy laws and regulations. 


• Experience with development and writing of risk-based assessments and documentation. 


• Experience with Power automate, Power BI, & Microsoft Project Online.


• Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities. 


• Experience with cloud technology offerings from AWS and Azure and assessing systems hosted within those environments. 


• Experience performing assessment in accordance with the policies, procedures, and standards of the Office of Management and Budget (OMB), the National Institute of Standards and Technology (NIST), and Treasury. 


• Certifications/Licenses:
  
  
  • Bachelor’s degree or higher in Computer Science’s, MIS/IT, Engineering, Information Security/IA, or related discipline to work requirement 
  
  
  • Five (5)+ years of Information Security experience required. 
  
  
  • Two (2)+ years of experience with the use of eGRC tools.