Security Controls Assessor / It Auditor

CyberData Technologies, Inc., an established technology solution provider based in Herndon, Virginia, is looking to expand its growing team. We are a primary government consultant and infrastructure support contractor. Our employees are our greatest asset and we are committed to their professional development and growth. We provide competitive salaries, bonuses, generous benefit packages, and paid time off to balance work and personal commitments.

Title: Security Controls Assessor/IT Auditor|
Location: Remote

CyberData Technologies Inc. is currently seeking to hire an experienced Security Controls Assessor/IT Auditor for our federal client.

Responsibilities:

• Provide recommendations to system owners and Information System Security Officers (ISSOs) for remediating identified vulnerabilities.
• Draft Security Control Assessment Plans (SCAP) to include the scope and methodology for testing.
• Review asset, application, and code scan results from various tools for assessed systems
• Coordinate, conduct and track interviews with system owners, ISSOs, and administrators on operational, management, and technical processes.
• Provide technical guidance to the HRSA RM team and other stakeholders as needed.
• Write supporting documentation for security control assessment and other risk management processes and procedures.
• Review the security controls in the information system and its environment of operation to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting established security requirements.
• Lead and conduct multi-level (application, database, operating system, middleware, monitoring tools, and business processes) security control assessments of HRSA systems based on predefined test objectives and test plans.
• Provide process improvement recommendations for day-to-day operations.
• Work with the HRSA Risk Management (RM) team to determine risks to the system based on vulnerability results and compensating or mitigating controls in place.
• Develop test procedures and/or document recommendations for test plan modifications that improve validation of control objectives.
• Produce the Security Assessment Report (SAR) that documents the results of the assessment.
• Assist the assessment team obtaining, reviewing, and interpreting evidence provided to validate security controls are implemented properly and performing effectively.
• Review compliance scans against defined HRSA baselines for assessed systems.

Skills & Experience:

• Strong attention to detail with an analytical mind and outstanding problem-solving skills.
• Excellent knowledge of FISMA regulation, FIPS standards, NIST 800 series, NIST Special Publications, Risk Management Framework, and other applicable guidance.
• CISSP, CISA, CISM, MCSE, or CAP preferred.
• Experience with facility and data center walk-throughs to assess physical security.
• Great analytical skills to review various aspects of an organization’s information system.
• Excellent knowledge of NIST 800-53 Revision 5 controls.
• Able to review and examine various IT certifications and reports such as FedRAMP, SOC 2 and HITRUST.
• Familiar with a range of software (MS Office Suite, Synopsis Suite, Tenable Nessus, RSA Archer).
• Strong interpersonal skills.
• 5+ years of experience in a similar role.
• Prior training experience is a plus.
• Ability to work under pressure in a fast-paced environment.
• Great awareness of cybersecurity trends and hacking techniques.
• Excellent written and verbal communication skills.
• Self-educating capacity to stay abreast of all IT-related discoveries and conventions and ability to learn new skills quickly.
• Excellent knowledge of IT security and infrastructure.
• Expertise in firewalls, VPN, Data Loss Prevention, IDS/IPS, Web-Proxy, and security audits.

Principal applicants only. Please no agencies, 3rd party, or staffing firms.

CyberData is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.