
Information Assurance Assessor

Information Assurance Assessor - Senior Associate
Qualifications
Demonstrates knowledge and experience in IT risk and controls through IT audits, IT control assessments, and IT security reviews. Demonstrates a working knowledge of FISMA, NIST SP 800 series, FISCAM, and other relevant Federal information assurance laws, regulations, and guidance. Experience performing FISMA, OMB Circular A-123, or similar internal control assessments is nice to have. Experience remediating and implementing IT controls is beneficial. Experience testing or remediating some or all of the following IT controls topic areas is preferable:

  • Access and account management, including authorization, provisioning, recertification, and separation
  • Segregation of duties, including identifying and defining segregation of duties risks and conflicts, preventive and detective segregation of duties controls, and understanding the difference between segregation of duties and least privilege
  • Technical account management controls, such as password length, complexity, and expiration
  • Audit logging and monitoring, including generation of audit logs, use of audit log aggregation and analysis tools, and audit log monitoring and review
  • Configuration management, including configuration baseline concepts, baseline deviations, baseline maintenance, monitoring for ongoing compliance with a baseline, and industry-accepted baselines such as DISA STIGs and CIS benchmarks
  • Change management, including authorization, development, testing, and deployment of changes
  • Contingency planning, including backups, testing of backups, and alternate sites

Responsibilities

Responsibilities include some or all of the following:

  • Performing rigorous assessments of IT controls using industry-standard guidance and leading practices
  • Performing walkthrough interviews and maintaining communication with a variety of client stakeholders, including system personnel such as system and database administrators
  • Requesting, obtaining, reviewing, and analyzing a variety of artifacts to assist in executing IT controls testing such as security plans, SOPs, system screenshots, and system configuration settings
  • Evaluating the design and operating effectiveness of IT controls using provided artifacts, industry-standard guidance, leading practices, and professional judgement
  • Professionally documenting the results of IT controls test work in a consistent and high-quality manner that would allow a reviewer to repeat the test and reach the same conclusion
  • Summarizing and communicating IT controls assessment results to a variety of client stakeholders, including senior leadership personnel
  • Planning and executing day-to-day activities of IT controls assessments individually and for the team
  • Working with client personnel to understand and analyze known IT control weaknesses, identify root causes, and develop detailed, robust remediation plans
  • Providing subject matter expertise to client personnel on all matters relating to IT controls and responding to ad-hoc IT controls requests from client personnel
This role supports client work contractually requiring a Public Trust clearance.
Additional Requirements

  • This position requires successful completion of a background check and employment verification.
The successful candidate must not be subject to employment restrictions from a former employer (such as a non-compete) that would prevent the candidate from performing the job responsibilities as described.

Governance, Risk and Compliance Security Consulting Practice. You will provide our clients with guidance pertaining to security and privacy regulatory and industry standard requirements, security risk assessments, and GRC consulting. Looking for candidates that will:

  • Work with Federal (and potentially commercial) clients in the role of Independent Security Consultant and Assessor
  • Plan and perform security assessments by evaluating network and security technologies
  • Verify system, application or business security by performing security assessments, code reviews, configuration and network design reviews
  • Interview key stakeholders across the client organization to support security assessment
  • Support and guide information risk and security discussions with technical and non-technical groups
  • Analyze client security programs for maturity and performance relating to industry accepted best practices
  • Develop recommendations for remediating risk and compliance gaps
  • Evaluate information security risk for business environment controls and industry requirements
  • Provide client guidance for information security best practices
  • Follow standard methodologies for evaluating industry security controls based on formalized security frameworks
  • Execute in highly demanding, fast-paced environments with tight deadlines
  • Draft deliverable documentation to meet client security needs
  • Create security roadmaps for client security program development and improvement
  • Support GRC Practice and firm initiatives
GRC Security Consultant & Assessor
Requirements
  • BA/BS in information technology or related field preferred
  • 4+ years of experience in security governance, risk assessments, and regulatory/controls work
  • Federal experience preferred
  • Experience with and understanding of industry security tools, including Splunk, RSA Archer, etc.
  • Experience at a professional consulting services firm a plus
  • Experience with the evolving security and privacy controls environment, regulatory landscape and risk management techniques, principles and practices
  • Must be able to assess clients against a wide variety of security and compliance frameworks (NIST 800-53, 800-37, 800-171, and CSF; FISMA; FedRAMP; HIPAA; etc.)
  • Experience with the development and implementation of information security policies, standards and related procedures for security programs
Preferred
  • A solid understanding of IT security technologies, including network and application security, firewalls, access management, and data protection
  • Strong written and verbal communication skills, including the ability to explain technical matters to a non-technical audience
  • Ability to clearly document assessment results
  • Ability to take a proactive approach in building, maintaining and expanding on client relationships
  • Knowledge of cloud security processes and technologies
  • Ability to work both independently and as part of a team
  • General understanding of federal contracting environment
Certifications:
  • Security+
  • CISSP
  • CSIRC
  • CISA

Required Education:
Bachelor’s degree in Computer and Information Systems, Engineering, Science, or Mathematics;

G08 requires a Bachelor's degree and 4+ years' concentration in an Information Assurance role or equivalent experience;

G09 requires a Bachelor's degree and 6+ years' concentration in an Information Assurance role or equivalent experience;

  • Additional work experience may be considered in lieu of education

139925

Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.

Security Clearance:
Public Trust
Location:
Dulles, Virginia
Country:
United States
Salary:
Not Specified