
Security Controls Assessor - Senior

Job in Glenpool, Tulsa County, Oklahoma, 74033, USA
Listing for: Cherokee Federal
Full Time position
Listed on 2026-02-09
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, IT Consultant
Job Description & How to Apply Below

Overview

Security Controls Assessor - Senior

This position requires an active Public Trust clearance or the ability to obtain a Public Trust clearance to be considered.

Applicant MUST have prior US Navy or Coast Guard Maritime Cyber Security experience.

The Senior Security Controls Assessor provides independent assessments of MARAD information systems in support of system authorization, reauthorization, and continuous monitoring activities. This role evaluates management, operational, and technical security controls in accordance with NIST RMF requirements, supports Authority to Operate (ATO) decisions, develops assessment documentation and reports, and collaborates with MARAD, DOT, and cybersecurity stakeholders to ensure compliance, risk visibility, and mission assurance.

Compensation & Benefits

Pay commensurate with experience.

Full time benefits include Medical, Dental, Vision, 401K, and other possible benefits as provided. Benefits are subject to change with or without notice.

Responsibilities Include
  • Assess MARAD systems in one of three System Authorization states: Initial Authorization, Reauthorization, or Continuous Monitoring Assessment (CMA). The Independent Assessor must be prepared to support the process within each of these three Authorization states.
  • Provide annual assessment support to the NSMV and MARAD CIO programs, including on-site evaluations at the Philadelphia shipyard and other locations.
  • Conduct independent assessments of specified MARAD information systems following the System Authorization process as defined in the DOT Security Authorization and Continuous Monitoring Performance Guide and templates. Review core documentation including privacy requirements to support development of security assessment plans and schedules; support ATO dates; establish Annual Assessment schedule for deliverables and artifacts.
  • Identify non-compliance with security requirements and possible mitigations for requirements that are not in compliance.
  • Validate the security requirements of the information system and verify that the system meets them.
  • Conduct independent, comprehensive assessments of management, operational, and technical security controls and control enhancements within IT systems to determine overall effectiveness.
  • Execute and conduct analysis of networks and systems to validate appropriate security control implementation.
  • Develop security assessment plans (SAP) and assessment reports compliant with NIST SP 800-53A and NIST SP 800-37; detail assessment findings with supporting evidence.
  • Develop SAP detailing assessment scope, exclusions, controls being assessed, methods, schedule, staff, inventory of endpoints/components, and account of system-specific controls.
  • Adhere to the approved SAP while executing security controls assessments; collect and catalogue evidence of findings (documents, screenshots, scanning reports, interview notes).
  • Develop SARs detailing assessment findings with supporting evidence.
  • Develop RARs compliant with NIST SP 800-30; develop POA&M recommendations.
  • Develop executive summary documents providing an overview of activities, findings, risks, and mitigation recommendations.
  • Enter assessment data into the CSAM database (DOT’s system of record).
  • Provide presentations, reports, evaluations, reviews, meeting minutes, and working papers as requested by the COR.
  • Apply MARAD/DOT A&A guidance and policy to achieve program objectives and enhance the quality of packages for ATO; collaborate with stakeholders.
  • Work with the designated Information Systems Security Manager (ISSM).
  • Perform other job-related duties as assigned.
Experience, Education, Skills, Abilities
  • Bachelor's Degree in Cybersecurity or related IT field (may be substituted for 4 years of experience).
  • Bachelor's Degree in an IT Related Field.
  • Certified Information Systems Auditor (CISA), Advanced in AI Audit (AAIA), or equivalent certification.
  • 12 years of related work experience.
  • Prior experience supporting US Navy or Coast Guard Maritime Cyber Assessments.
  • Clearance: Must possess or be able to obtain a Public Trust clearance.
  • Prior Department of Transportation experience is a plus.
  • Must pass pre-employment qualifications of Cherokee Federal.
Company Information

Cherokee Federal is a part of Cherokee Federal - the division of tribally owned federal contracting companies owned by Cherokee Nation Businesses. As a trusted partner for more than 60 federal clients, Cherokee Federal LLCs focus on solving complex challenges and serving the government’s mission. For more information, visit


Cherokee Federal is a military friendly employer. Veterans and active military transitioning to civilian status are encouraged to apply.

Similar job titles
  • Senior Information Security Assessor
  • RMF Security Controls Assessor
  • Senior Cybersecurity Assessor
  • Information Assurance (IA) Assessor
  • ATO / RMF Lead Assessor
Keywords
  • Continuous Monitoring (CMA)
  • Risk Assessment
  • Security Assessment Plan (SAP)
  • Security Assessment…
Position Requirements
10+ Years work experience