USAFA Security Control Assessor

Reston, VA, USA, 22310


SiloSmashers

From day 1, SiloSmashers set out to change how government agencies and corporations manage programs — and smash silo operations.


SiloSmashers, Inc. is a strategy, technology, and management consulting firm, founded in 1992, and located in Reston, Virginia. SiloSmashers delivers superior services and solutions to the public sector in the areas of project/program management, performance management, and IT security. The company provides innovative, collaborative business approaches, and proven methodologies that enable customers to break down organizational silos and optimize operational efficiency to achieve peak performance and mission success. Come join our team!

Summary:

Security Control Assessor Representative (SCAR): Conduct assessments of information systems and associated security and privacy controls as detailed in NIST SP 800-53a, DoDI 8500.01 (Cyber Security), 8510.01 (Risk Management Framework for Air Force Information Technology), and AFI 17-101 (Risk Management Framework for Air Force Information Technology) for information systems supporting the United States Air Force Academy. Prepare security assessment plans, as well as security and risk assessment reports covering the results of assessments and recommendations regarding the authorization of assessed systems.

Job Duties:

  • Provide support to plan, coordinate, and implement the organization's information security program.
  • Establish a point of contact to understand the organization's mission, functions, and business processes.
  • Prepare for assessments, validate system architecture, assessment scope, and authorization boundaries prior to assessments.
  • Develop assessment plans based on security and privacy plans using recommended assessment methods and objects detailed in NIST SP 800-53a.
  • Obtain organizing technical information and supporting artifacts as required to support assessments.
  • Conduct kickoff meetings and daily status briefings with system stakeholders to ensure any issues are identified and addressed in a timely fashion.
  • Gather evidence using approved methods such as examine, interview and test.
  • Analyze evidence and conduct information system risk assessment and prepare risk assessment report.
  • Develop the system's executive summary briefing.
  • Review Risk Assessment to ensure all test results are properly documented.
  • Deliver results, review associated POA&Ms and submit authorization package.
  • Working knowledge of the following areas is required: understanding of business security practices and procedures; knowledge of current security tools available; hardware/software security implementation; different communication protocols; encryption techniques/tools; familiarity with commercial products and current Internet/EC technology.

Qualifications:

  • Minimum of ten (10) years information security related experience
  • Currently holds, or able to obtain, DoD IT Tier 3 security background investigation/clearance.
  • Possess one or more applicable certifications: CISM or CISSO or CPTE or CySA+ or FITSP-A or GCSA or CISSP or CISSP-ISSEP or GSLC or GSNA
  • Bachelor of Science degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science.
  • Working experience in Federal Government Strongly Desired
  • US Citizen

 


Tags: CISM CISSP Clearance Computer Science DoD Encryption GSLC GSNA NIST Privacy Risk assessment Risk Assessment Report Risk management RMF Security assessment Strategy

Region: North America
Country: United States
