Senior Security Controls Assessor
Washington, DC, District of Columbia, United States; McLean, Virginia, United States
Full Time Senior-level / Expert Clearance required USD 37K - 70K *
Capgemini
A global leader in consulting, technology services and digital transformation, we offer an array of integrated services combining technology with deep sector expertise.Job Description:
Capgemini Government Solutions (CGS) LLC is seeking a highly motivated Senior Security Controls Assessor to join our team in the Washington, D.C. metro to support our government clients. The Senior Security Controls Assessor is a multifaceted role that collaborates with other teams across the business.
The successful candidate will have the opportunity to apply and grow their skillset, work with a motivated and entrepreneurial team, engage with a wide range of stakeholders, and build CGS’ capabilities.
Key responsibilities:
- Review and update existing information security policy, standards, and procedures based on federal and departmental regulations.
- Perform independent security and privacy control assessments in support of Security Assessment & Authorization (SA&A).
- Conduct assessments of existing and new FISMA systems, including subsystems in the respective system boundary, and communicate the results and potential implications of identified control weaknesses.
- Reviews and analyze, Assessment & Authorization (A&A) packages to include System Security Plans (SSP), Risk Assessments, Information System Contingency Plans (ISCP), Back-up Standard Operating Procedures (SOP), Incident Response Plans (IRP), Configuration Management Plans, (CMP), Hardware/Software lists, Network Diagrams, Data Flows, System Change Requests/Proposals, Vulnerability scan reports, test reports, and Plan of Actions & Milestones (POA&Ms) for completeness, accuracy, and document effectiveness of controls, plans and procedures implementation.
- Create and maintain test cases for security assessment testing and perform security testing at the control-requirement level for each unique component of each system (e.g., application, web application server, financial systems, database server/instance, operating systems, specialized appliances, network and infrastructure devices, and end-user devices (e.g., mobile phones, laptops, etc.).
- Develop and implement a security and privacy assessment plan in accordance with NIST SP 800-53A, as amended, requirements, for each security assessment project. SA&A activities shall include support for RMF steps 4-6
- Document and provide findings and recommendations that are concise, system-specific, and actionable.
- Analyze security tool reports and resolve residual risk or false positives from technical reports and artifacts before assigning findings.Add no more than 5-7 bullet points
Required Skills:
- Three (3) years’ experience performing security control assessments required.
- Experience in planning assessments and be a senior member in a team of security control assessors
- Experience in communicating control requirements and deficiencies to both technical and non-technical audiences.
- Experience performing detailed, full-scope technical security control testing for each of the component types, including development of security and privacy assessment plans is required.
- Ability to analyze information system configurations and technical specifications against NIST SP 800-53r4/5 and other overlays
- Possesses a solid grasp of the NIST Special Publication 800-53 security and privacy controls, the NIST Cybersecurity Framework and other information security and privacy laws and regulations.
- Experience with development and writing of risk-based documentation.
- Experience with Step 4 of RMF process- Assessing Security Controls
- Strong written and verbal communication skills.
- Good communication ability across all levels of management.
- Ability to acquire Public Trust clearance or higher as required
- Bachelor’s degree or higher in Computer Science’s, MIS/IT, Engineering, Information Security/IA, or related subject area to work requirements no more than 3-5 required skills.
- Five (5) years of experience related to security control evaluation and compliance with Federal RMF requirements.
- Two (2) years of experience with the use of eGRC tools in Federal environment
- Experience performing Assessment and Authorization (A&A) activities, including risk assessments, Security Plans, Security Controls Assessments (SCA), Authorization document development and/or review.
- Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures applying standards-based concepts and capabilities.
- Experience with cloud technology offerings from AWS and Azure and assessing systems hosted within those environments
- Experience performing assessment in accordance with the policies, procedures, and standards of the Office of Management and Budget (OMB), the National Institute of Standards and Technology (NIST), and the FDIC
Life at Capgemini
Capgemini supports all aspects of your well-being throughout the changing stages of your life and career. For eligible employees, we offer:
- Flexible work
- Healthcare including dental, vision, mental health, and well-being programs
- Financial well-being programs such as 401(k) and Employee Share Ownership Plan
- Paid time off and paid holidays
- Paid parental leave
- Family building benefits like adoption assistance, surrogacy, and cryopreservation
- Social well-being benefits like subsidized back-up child/elder care and tutoring
- Mentoring, coaching and learning programs
- Employee Resource Groups
- Disaster Relief
About Capgemini
Capgemini is a global leader in partnering with companies to transform and manage their business by harnessing the power of technology. The Group is guided everyday by its purpose of unleashing human energy through technology for an inclusive and sustainable future. It is a responsible and diverse organization of over 360,000 team members in more than 50 countries. With its strong 55-year heritage and deep industry expertise, Capgemini is trusted by its clients to address the entire breadth of their business needs, from strategy and design to operations, fueled by the fast evolving and innovative world of cloud, data, AI, connectivity, software, digital engineering and platforms. The Group reported in 2022 global revenues of €22 billion.
Get The Future You Want | www.capgemini.com
Disclaimer
Capgemini is an Equal Opportunity Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race, national origin, gender identity/expression, age, religion, disability, sexual orientation, genetics, veteran status, marital status or any other characteristic protected by law.
This is a general description of the Duties, Responsibilities and Qualifications required for this position. Physical, mental, sensory or environmental demands may be referenced in an attempt to communicate the manner in which this position traditionally is performed. Whenever necessary to provide individuals with disabilities an equal employment opportunity, Capgemini will consider reasonable accommodations that might involve varying job requirements and/or changing the way this job is performed, provided that such accommodations do not pose an undue hardship.
Capgemini is committed to providing reasonable accommodations during our recruitment process. If you need assistance or accommodation, please reach out to your recruiting contact.
Click the following link for more information on your rights as an Applicant http://www.capgemini.com/resources/equal-employment-opportunity-is-the-law
Please be aware that Capgemini may capture your image (video or screenshot) during the interview process and that image may be used for verification, including during the hiring and onboarding process.
Applicants for employment in the US must have valid work authorization that does not now and/or will not in the future require sponsorship of a visa for employment authorization in the US by Capgemini.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: AWS Azure C Clearance Cloud Compliance Computer Science FISMA Incident response Monitoring NIST NIST 800-53 Privacy Risk assessment RMF Security assessment Strategy System Security Plan
Perks/benefits: Career development Flex vacation Health care Parental leave Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Product Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Product Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Cybersecurity Analyst jobs
- Open Security Specialist jobs
- Open Chief Information Security Officer jobs
- Open Manager Pentest H/F jobs
- Open Staff Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Consultant SOC / CERT H/F jobs
- Open IT Security Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Penetration Tester jobs
- Open IT Security Engineer jobs
- Open Cybersecurity Specialist jobs
- Open Security Operations Analyst jobs
- Open Sr. Security Engineer jobs
- Open Security Consultant jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open Agile-related jobs
- Open Application security-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open ISO 27001-related jobs
- Open Threat intelligence-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Malware-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open APIs-related jobs
- Open Security Clearance-related jobs
- Open Forensics-related jobs
- Open SaaS-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open IDS-related jobs
- Open DevOps-related jobs
- Open DoD-related jobs