Enterprise Cybersecurity GRC Security Controls Assessor
Listed on 2026-07-17
-
IT/Tech
Cybersecurity, Information Security
Enterprise Cybersecurity GRC Security Controls Assessor
Job Number: R0244234
OpportunityEnterprise Cybersecurity (ECS) Governance, Risk, and Compliance (GRC) plays a pivotal role in safeguarding the organization's sensitive information and ensuring compliance with stringent cybersecurity regulations and guidance. As the Security Controls Assessor, you will support the GRC team responsible for the assessment and management of compliance and regulatory requirements with key stakeholders. You will work closely on Booz Allen's internal information systems and environments assessing their compliance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 security controls and Cybersecurity Maturity Model Certification (CMMC) requirements.
You will review technical and environmental details to assess the entire threat landscape and provide a hands‑on approach with accountability for assessing and managing compliance and regulatory requirements with key stakeholders. Due to the nature of work performed within this facility, U.S. citizenship is required.
- 8+ years of experience in cybersecurity roles such as Security Control Assessor (SCA), System Steward, Information System Owner (ISO), Controls Validator, Information System Security Officer (ISSO), Information System Security Engineer (ISSE), or Information Systems Security Manager (ISSM)
- Experience performing in-depth assessments of cybersecurity controls, artifacts, and scanning results to evaluate effectiveness and ensure continuous compliance, and evaluating and advising on technical security implementations
- Experience partnering with IT, operations, and delivery teams to provide expert guidance, drive GRC initiatives, and foster a culture of security awareness
- Experience using automation and AI‑driven tools to streamline control assessments, enhance evidence collection, and accelerate compliance validation activities
- Experience with the Department of Defense (DoD), Federal Information Security Modernization Act (FISMA) FedRAMP, NIST, Risk Management Framework (RMF), Dev Sec Ops principles, and Infrastructure‑as‑Code (IAC), and leveraging it for security controls, assessments, and risk mitigation into specific, actionable technical tasks for IL5 environments
- Knowledge of network defense tools
- Knowledge of security control alignment and assessment against NIST SP 800‑53 rev. 4 and rev. 5, NIST SP 800‑171 rev. 2 and rev. 3, the Federal Risk and Authorization Management Program (FedRAMP), CMMC, or System and Organization Controls (SOC) 2 Type II
- Ability to manage the full risk lifecycle, from identification of vulnerabilities to implementation of mitigation strategies and final closure, using both qualitative and quantitative frameworks
- Ability to develop and communicate technical and non‑technical metrics regarding compliance trends and vulnerability management across various business lines
- HS diploma or GED
- Experience identifying problems, determining pragmatic solutions, identifying and obtaining needed resources, and executing with little supervision
- Ability to quickly comprehend complex problems, draw logical conclusions, make sound decisions, develop solutions, and negotiate and respond accordingly to drive closure
- Ability to communicate and collaborate effectively to engage and interact with senior and executive management
- Possession of excellent analytical and problem‑solving skills
At Booz Allen, we celebrate your contributions, provide you with opportunities and choices, and support your total well‑being. Our offerings include health, life, disability, financial, and retirement benefits, as well as paid leave, professional development, tuition assistance, work‑life programs, and dependent care. Our recognition awards program acknowledges employees for exceptional performance and superior demonstration of our values. Full‑time and part‑time employees working at least 20 hours a week on a regular basis are eligible to participate in Booz Allen's benefit programs.
Individuals that do not meet the threshold are only eligible for select offerings, not inclusive of health benefits.…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).