Cyber Security Control Assessor

The Opportunity

Cyber Security Control Assessor

Job Category:
Engineering, Time Type:
Full time, Employee Type:
Regular

Minimum Clearance Required to Start:
None

Employee will support the FEMA Office of the Chief Information Security Officer (OCISO) in Washington, D.C. as a senior independent assessor for control design, implementation, and effectiveness across assigned systems and authorization boundaries.

The Cyber Security Control Assessor will evaluate the effectiveness of IT security controls, including management, operational, and technical controls, and determine compliance with NIST SP 800‑53 and DoD RMF. Responsibilities include performing assessment procedures (interviews, examinations, testing), analyzing System Security Plans (SSPs), policies, procedures, and evidence artifacts; identifying security gaps and evaluating residual risk; generating findings for Security Assessment Reports (SAR);

supporting authorization to operate (ATO) at acceptable risk levels; monitoring and testing for vulnerabilities and incidents; providing recommendations for risk mitigation; and supporting continuous monitoring and ongoing authorization efforts.

• U.S. Citizenship required
• FEMA EOD suitability or Current DHS or FEMA EOD preferred
• BS/BA + 7 years of applicable experience in RMF, control assessment, audit, cybersecurity compliance, or security engineering
• 5+ years of experience in RMF, control assessment, audit, cybersecurity compliance, or security engineering
• Demonstrated expertise in NIST SP 800‑53, NIST SP 800‑37 (RMF), and D

Pay Range: $113,200 - $237,800

CACI is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, age, national origin, disability, status as a protected veteran, or any other protected characteristic.