Title: Security Controls Assessor/IT Auditor|
Location: Remote

CyberData Technologies Inc. is currently seeking to hire an experienced Security Controls Assessor/IT Auditor for our federal client.

Responsibilities:

• Lead and conduct multi-level (application, database, operating system, middleware, monitoring tools, and business processes) security control assessments of HRSA systems based on predefined test objectives and test plans.
• Coordinate, conduct and track interviews with system owners, ISSOs, and administrators on operational, management, and technical processes.
• Draft Security Control Assessment Plans (SCAP) to include the scope and methodology for testing.
• Develop test procedures and/or document recommendations for test plan modifications that improve validation of control objectives.
• Assist the assessment team obtaining, reviewing, and interpreting evidence provided to validate security controls are implemented properly and performing effectively.
• Review the security controls in the information system and its environment of operation to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting established security requirements.
• Work with the HRSA Risk Management (RM) team to determine risks to the system based on vulnerability results and compensating or mitigating controls in place.
• Produce the Security Assessment Report (SAR) that documents the results of the assessment.
• Review asset, application, and code scan results from various tools for assessed systems
• Review compliance scans against defined HRSA baselines for assessed systems.
• Provide recommendations to system owners and Information System Security Officers (ISSOs) for remediating identified vulnerabilities.
• Write supporting documentation for security control assessment and other risk management processes and procedures.
• Provide process improvement recommendations for day-to-day operations.
• Provide technical guidance to the HRSA RM team and other stakeholders as needed.

Skills & Experience:

• CISSP, CISA, CISM, MCSE, or CAP preferred.
• 5+ years of experience in a similar role.
• Excellent knowledge of FISMA regulation, FIPS standards, NIST 800 series, NIST Special Publications, Risk Management Framework, and other applicable guidance.
• Excellent knowledge of NIST 800-53 Revision 5 controls.
• Excellent knowledge of IT security and infrastructure.
• Able to review and examine various IT certifications and reports such as FedRAMP, SOC 2 and HITRUST.
• Expertise in firewalls, VPN, Data Loss Prevention, IDS/IPS, Web-Proxy, and security audits.
• Great analytical skills to review various aspects of an organization’s information system.
• Excellent written and verbal communication skills.
• Strong interpersonal skills.
• Prior training experience is a plus.
• Ability to work under pressure in a fast-paced environment.
• Strong attention to detail with an analytical mind and outstanding problem-solving skills.
• Great awareness of cybersecurity trends and hacking techniques.
• Self-educating capacity to stay abreast of all IT-related discoveries and conventions and ability to learn new skills quickly.
• Familiar with a range of software (MS Office Suite, Synopsis Suite, Tenable Nessus, RSA Archer).
• Experience with facility and data center walk-throughs to assess physical security.