Security Control Assessor

ECS is seeking a Security Control Assessor to work Remotely.

Salary Range: $90,000 - $120,000

General Description of Benefits  

• Strong written and verbal communication skills. 
• Strong communication ability across all levels of management. 
• Experience in planning assessments and a collaborative member with a team of security control assessors 
• Three (3)+ years’ experience supporting security assessment teams is required. 
• Experience in presenting control requirements and deficiencies to both technical and non-technical audiences. 
• Experience performing detailed, full-scope technical security control testing for each of the component types, including development of security and privacy assessment plans is required. 
• Ability to analyze information system configurations and technical specifications against NIST SP 800-53 and other overlays 
• Possesses a strong understanding of the NIST Special Publication 800-53 security and privacy controls, the NIST Cybersecurity Framework and other information security and privacy laws and regulations. 
• Experience with development and writing of risk-based documentation. 
• Experience with Power automate, Power BI, & Microsoft Project Online.
• Experience performing Certification and Accreditation (C&A) activities, including risk assessments, Security Plans, Security Controls Assessments (SCA), Certification and Accreditation documents. 
• Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities. 
• Experience with cloud technology offerings from AWS and Azure and assessing systems hosted within those environments. 
• Experience performing assessment in accordance with the policies, procedures, and standards of the Office of Management and Budget (OMB), the National Institute of Standards and Technology (NIST), and the OCC. 
• Certifications/Licenses: 
  • Bachelor’s degree or higher in Computer Science’s, MIS/IT, Engineering, Information Security/IA, or related discipline to work requirement 
  • Five (5)+ years of Information Security experience required. 
  • Two (2)+ years of experience with the use of eGRC tools.